Tuesday, 2016-03-22

« Monday, 2016-03-21 Index Wednesday, 2016-03-23 »
*** spandhe has quit IRC00:05
*** jaybeale has joined #openstack-ironic00:07
*** garthb has quit IRC00:08
*** blakec has quit IRC00:08
*** cdearborn has quit IRC00:12
*** [2]cdearborn is now known as cdearborn00:12
*** rama_y has quit IRC00:16
jlvillaljroll: Done: https://bugs.launchpad.net/ironic/+bug/156026400:16
openstackLaunchpad bug 1560264 in Ironic "spawn_n() should have request context set" [Undecided,New]00:16
jlvillallintan: ^^^00:17
*** daemontool_ has joined #openstack-ironic00:26
*** daemontool has quit IRC00:27
*** izaakk has quit IRC00:27
*** praneshp_ has quit IRC00:30
jrolljlvillal: thanks00:34
*** aginwala has joined #openstack-ironic00:35
lintanmorning jivilla00:46
*** cdearborn has quit IRC00:48
lintanthanks jivillal to create a bug for that00:48
*** jaybeale has quit IRC00:54
*** hoangcx has joined #openstack-ironic00:54
openstackgerritNaohiro Tamura proposed openstack/ironic: Fix NamedTemporaryFile() OSError Exception  https://review.openstack.org/29376200:55
lintanjroll: I will make it today :)00:55
*** dims has joined #openstack-ironic00:57
*** Sukhdev has quit IRC01:09
*** mtanino has quit IRC01:10
*** thrash is now known as thrash|pt001:13
dimsjroll : still around?01:30
dimsjroll : https://review.openstack.org/#/c/295559/01:31
jrolldims: sup01:32
dimsjroll : 1.2.0 is to be stable/mitaka right?01:32
jrolldims: yep, hence the commit message :)01:32
dimsjroll : yep :)01:33
dimsjroll : list-changes output looks good? right - http://logs.openstack.org/59/295559/1/check/gate-releases-tox-list-changes/af057ff/console.html#_2016-03-21_23_01_09_36001:33
dimsjust sanity checks :)01:33
jrolldims: yep, looks as expected01:34
dimsthanks. i'll cut the release now01:34
jroll<301:34
jrolldims: fyi, ironic, ironic-ui, bifrost releases all coming this week, shooting for wednesday-ish01:34
jrollall stable/mitaka01:34
dimsjroll : ack01:35
*** aginwala has quit IRC01:35
*** aginwala has joined #openstack-ironic01:35
*** ChrisAusten has joined #openstack-ironic01:37
openstackgerritDavanum Srinivas (dims) proposed openstack/ironic-python-agent: Update reno for stable/mitaka  https://review.openstack.org/29559101:38
*** Nisha has joined #openstack-ironic01:42
dimsjroll : feel free to edit that or create a new review - release scripts generate that so folks know reno needs to be setup01:45
dimsjroll : this may be a simpler one https://review.openstack.org/#/c/295590/01:45
jrolldims: yeah, I'll do that, approved that other one. thanks.01:46
openstackgerritJim Rollenhagen proposed openstack/ironic-python-agent: Update reno for stable/mitaka  https://review.openstack.org/29559101:48
*** vishwanathj has quit IRC01:50
*** spandhe has joined #openstack-ironic01:53
*** lucas-dinner has quit IRC01:55
*** Marga_ has quit IRC01:55
*** Marga_ has joined #openstack-ironic01:57
*** lucasagomes has joined #openstack-ironic02:00
*** Marga_ has quit IRC02:01
*** aginwala has quit IRC02:02
*** baoli has quit IRC02:03
*** baoli has joined #openstack-ironic02:04
*** vishwanathj has joined #openstack-ironic02:05
*** baoli has quit IRC02:06
openstackgerritJim Rollenhagen proposed openstack/ironic-python-agent: Update reno for stable/mitaka  https://review.openstack.org/29559102:09
*** jaybeale has joined #openstack-ironic02:10
*** jaybeale has quit IRC02:15
*** aginwala has joined #openstack-ironic02:15
*** baoli has joined #openstack-ironic02:17
*** dims has quit IRC02:28
*** Marga_ has joined #openstack-ironic02:28
*** Marga_ has quit IRC02:33
*** baoli_ has joined #openstack-ironic02:33
*** baoli has quit IRC02:37
*** rbudden has joined #openstack-ironic02:42
*** Nisha has quit IRC02:42
*** Fdaisuke has joined #openstack-ironic02:43
*** aginwala has quit IRC02:44
*** vishwana_ has joined #openstack-ironic02:47
*** vishwana_ is now known as vishwanathj__02:48
*** vishwanathj has quit IRC02:50
*** vishwanathj__ is now known as vishwanathj02:53
*** lazy_prince has joined #openstack-ironic02:58
*** hoangcx has quit IRC02:59
*** hoangcx has joined #openstack-ironic02:59
*** harshs has joined #openstack-ironic03:03
*** baoli_ has quit IRC03:05
*** baoli has joined #openstack-ironic03:06
*** Marga_ has joined #openstack-ironic03:10
*** vishwanathj is now known as vishwanathj_zzz03:10
openstackgerritTan Lin proposed openstack/ironic: Append 'Openstack-Baremetal-Request-ID' header to the response  https://review.openstack.org/23800803:11
*** harshs_ has joined #openstack-ironic03:13
*** Marga_ has quit IRC03:14
*** harshs has quit IRC03:15
*** harshs_ is now known as harshs03:15
*** rbudden has quit IRC03:15
*** baoli has quit IRC03:17
*** baoli has joined #openstack-ironic03:17
lazy_princelucasagomes: did you get a chance to review https://review.openstack.org/#/c/28778403:18
*** aginwala has joined #openstack-ironic03:19
*** links has joined #openstack-ironic03:19
*** phuongnh has joined #openstack-ironic03:21
*** baoli has quit IRC03:22
*** aginwala has quit IRC03:23
*** baoli has joined #openstack-ironic03:23
*** yuanying has quit IRC03:28
*** Marga_ has joined #openstack-ironic03:31
*** praneshp_ has joined #openstack-ironic03:33
*** Marga_ has quit IRC03:35
*** yuanying has joined #openstack-ironic03:38
*** achanda has quit IRC03:43
*** Sukhdev has joined #openstack-ironic03:47
*** Marga_ has joined #openstack-ironic03:52
*** Marga_ has quit IRC04:01
*** aswadr_ has joined #openstack-ironic04:01
*** Marga_ has joined #openstack-ironic04:01
*** baoli has quit IRC04:03
*** yuanying has quit IRC04:04
*** yuanying has joined #openstack-ironic04:06
*** chlong|wfh has quit IRC04:12
*** Sukhdev has quit IRC04:21
*** Sukhdev has joined #openstack-ironic04:21
*** lazy_prince has quit IRC04:21
*** chlong has joined #openstack-ironic04:25
*** achanda has joined #openstack-ironic04:32
*** suro-patz has joined #openstack-ironic04:35
*** saripurigopi has joined #openstack-ironic04:46
*** spandhe has quit IRC04:49
*** daemontool_ has quit IRC04:53
*** daemontool__ has joined #openstack-ironic04:53
openstackgerritShivanand Tendulker proposed openstack/ironic: Support configdrive in iscsi deploy for raw images  https://review.openstack.org/22511504:57
*** harshs has quit IRC05:05
*** harshs has joined #openstack-ironic05:07
*** suro-patz has quit IRC05:18
openstackgerritShivanand Tendulker proposed openstack/ironic-lib: Support configdrive in iscsi deploy for raw images  https://review.openstack.org/23092405:18
*** suro-patz has joined #openstack-ironic05:20
*** ChrisAusten has quit IRC05:25
*** suro-patz has quit IRC05:26
*** jaybeale has joined #openstack-ironic05:28
*** saripurigopi has quit IRC05:41
openstackgerritSivaramakrishna Garimella proposed openstack/ironic: WIP: add network drivers  https://review.openstack.org/28585205:42
*** praneshp_ has quit IRC05:46
*** praneshp_ has joined #openstack-ironic05:46
*** suro-patz has joined #openstack-ironic05:48
*** harlowja_at_home has quit IRC05:52
*** achanda has quit IRC05:55
*** lintan has quit IRC06:01
*** aginwala has joined #openstack-ironic06:03
*** lintan has joined #openstack-ironic06:06
*** ohamada has joined #openstack-ironic06:11
*** hoangcx has quit IRC06:15
*** hoangcx has joined #openstack-ironic06:16
*** ohamada has quit IRC06:25
*** ChubYann has quit IRC06:25
*** jaybeale has quit IRC06:30
*** Haomeng has quit IRC06:32
*** praneshp_ has quit IRC06:46
*** praneshp__ has joined #openstack-ironic06:46
*** Fdaisuke_ has joined #openstack-ironic06:54
*** Fdaisuke has quit IRC06:55
*** hoangcx has quit IRC06:56
*** hoangcx has joined #openstack-ironic06:56
*** davidlenwell has quit IRC07:01
*** praneshp__ has quit IRC07:03
*** aginwala has quit IRC07:07
*** davidlenwell has joined #openstack-ironic07:09
*** Sukhdev has quit IRC07:11
*** mkovacik__ has quit IRC07:21
*** ohamada has joined #openstack-ironic07:22
*** Haomeng has joined #openstack-ironic07:26
*** tesseract has joined #openstack-ironic07:28
*** tesseract is now known as Guest9125107:28
*** hoangcx_ has joined #openstack-ironic07:30
*** hoangcx has quit IRC07:31
*** hoangcx_ is now known as hoangcx07:32
*** rcernin has joined #openstack-ironic07:39
*** jtomasek has joined #openstack-ironic07:39
*** moshele has joined #openstack-ironic07:49
*** daemontool__ has quit IRC07:50
openstackgerritTan Lin proposed openstack/ironic: Adopt Ironic's own context  https://review.openstack.org/29566308:18
*** suro-patz has quit IRC08:19
*** athomas has joined #openstack-ironic08:23
*** ifarkas has joined #openstack-ironic08:27
*** openstackgerrit has quit IRC08:33
*** openstackgerrit has joined #openstack-ironic08:34
*** daemontool has joined #openstack-ironic08:34
openstackgerritNaohiro Tamura proposed openstack/ironic: iRMC power driver for soft power off and inject nmi  https://review.openstack.org/21674308:35
*** Fdaisuke_ has quit IRC08:40
*** pcaruana has joined #openstack-ironic08:40
*** _degorenko|afk is now known as degorenko08:41
*** harshs has quit IRC08:46
phuongnhHi all, while delploying Ironic via devstack, I got the error msg "server didn't become ssh-able!", devstack stops at line 848 Ironic file, please guide me to fix it08:46
*** lazy_prince has joined #openstack-ironic08:51
*** daemontool has quit IRC08:57
*** achanda has joined #openstack-ironic09:02
*** mbound has joined #openstack-ironic09:02
*** achanda has quit IRC09:02
*** mgoddard has joined #openstack-ironic09:03
openstackgerritZhenguo Niu proposed openstack/ironic: Restart consoles on conductor startup  https://review.openstack.org/25725209:05
lucasagomeslazy_prince, hi there, not yesterday, will do now09:13
*** hoangcx has quit IRC09:13
openstackgerritlokesh s proposed openstack/ironic: Add support for the audit middleware  https://review.openstack.org/27265809:15
*** derekh has joined #openstack-ironic09:17
*** hoangcx has joined #openstack-ironic09:18
*** ndipanov has quit IRC09:18
*** ndipanov has joined #openstack-ironic09:18
*** ndipanov has quit IRC09:18
*** ndipanov has joined #openstack-ironic09:19
*** Nisha has joined #openstack-ironic09:21
*** e0ne has joined #openstack-ironic09:22
*** vinm213 has joined #openstack-ironic09:25
vinm213morning ironicers09:25
pas-hamorning Ironic09:27
lucasagomesmorning09:28
* lucasagomes is sad for brussels :-/09:28
Nishamorning Ironic!!!09:29
ifarkasmorning all09:30
ifarkaslucasagomes, yeah, that's very sad :-(09:30
* vinm213 too sad about the incident09:31
*** mkovacik__ has joined #openstack-ironic09:32
*** div has joined #openstack-ironic09:33
divi am facing issue with devstack install09:33
divwhat is the local.conf parameter for install ironic in hardware nodes09:35
divcan anybody tell09:35
vinm213enable_plugin ironic https://git.openstack.org/openstack/ironic09:36
vinm213IRONIC_USING_PLUGIN=true09:36
*** athomas has quit IRC09:36
vinm213enable_service ironic ir-api ir-cond09:36
vinm213i think u need these things in local.conf09:36
pas-hayou do not need IRONIC_USE_PLUGIN any more09:37
divenable_service ironic enable_service ir-api enable_service ir-cond09:38
divi have enabled these09:38
pas-hadiv: IRONIC_IS_HARDWARE=True is probably what you need09:38
divis there anything specif for baremetal nodes need to be added09:38
alinebmorning all09:39
divthanks pas-ha, let me try with it09:40
*** athomas has joined #openstack-ironic09:41
divand the error i am getting during devstack install is,09:41
divopenstack object store account set --property Temp-URL-Key=password 2016-03-21 09:36:49.425 | Not Found (HTTP 404) 2016-03-21 09:36:49.453 | + /home/stack/devstack/lib/swift:swift_configure_tempurls:L1:   exit_trap 2016-03-21 09:36:49.453 | + ./stack.sh:exit_trap:L474:   local r=1 2016-03-21 09:36:49.454 | ++ ./stack.sh:exit_trap:L475:   jobs -p 2016-03-21 09:36:49.454 | + ./stack.sh:exit_trap:L475:   jobs= 2016-03-21 09:36:4909:41
divis swift missing any configuration in local.conf, so that it is failing with 404?09:42
*** electrofelix has joined #openstack-ironic09:44
vinm213are u running latest devstack and updated your requirements folder.09:45
divi have cloned the latest devstack09:46
divcan you tell me how to update the requirement since i am new to devstack09:46
vinm213if u had already run devstack once u see some directories in /opt/stack09:48
pas-haswift is not installed by default in devstack afaik, you have to enable it manually09:48
pas-hadiv: just for inspiration you might take a look at my sample for local.conf, uncomment stuff you need https://github.com/pshchelo/stackdev/blob/master/local.conf.sample09:49
pas-hagenerally Ironic requires Keystone, Neutron, Nova, Glance and Swift09:50
*** sambetts|afk is now known as sambetts09:50
vinm213but if it was not enabled, i wonder should we see that error? I think in your case it is enabled09:50
*** dims has joined #openstack-ironic09:51
pas-havinm213: not reallly. it seems swift temp url key has a default09:51
divi have enabled swift09:52
divenable_service s-proxy enable_service s-object enable_service s-container enable_service s-account09:52
pas-haalso need SWIFT_ENABLE_TEMPURLS=True09:53
divSWIFT_HASH=password SWIFT_TEMPURL_KEY=password09:53
divyes..SWIFT_ENABLE_TEMPURLS=True09:53
divi have set this as well09:53
divbut still i fails09:53
pas-hahmm.. then I'm out of ideas :(09:53
phuongnhDear all, while deploying Ironic via devstack, I got the error msg "server didn't become ssh-able!", devstack stops at line 848 stack/ironic/devstack/lib/ironic file and I cannot continue09:57
sambettsMorning all09:57
phuongnhmy deployment model is 2 VMs (Master VM and Guest VM) on KVM, Ironic is installed on the Master VM and try to deploy on Guest VM09:59
phuongnhI use the same local.conf file as on deployment document, just change password and network's configuration10:00
phuongnhbut I always fail at that line of code10:01
div: Unable to locate package liberasurecode-dev10:01
divdevstack fails with this error10:01
divcan anybody help10:01
openstackgerritSivaramakrishna Garimella proposed openstack/ironic: Add portgroups to support LAG interfaces - API  https://review.openstack.org/20624410:03
openstackgerritSivaramakrishna Garimella proposed openstack/ironic: Update the deploy drivers with network flipping logic  https://review.openstack.org/21326210:03
openstackgerritSivaramakrishna Garimella proposed openstack/ironic: WIP: add network drivers  https://review.openstack.org/28585210:03
*** dims has quit IRC10:04
*** mgould has joined #openstack-ironic10:04
lazy_princelucasagomes: thanks for review..10:10
lucasagomeslazy_prince, no problem, I didn't test it tho, but looks sane10:10
mkovacik__morning Ironic!10:11
lazy_princenow only if we can just get attention from tripleo guys to get it merged..10:11
lucasagomeslazy_prince, o/10:11
lucasagomeslazy_prince, one thing, actually I forgot to ask the author. There's an element called "grub2" that does some of that10:12
lucasagomesat least when it comes to package installation10:12
lucasagomesmaybe we should just merge the bootloader element with that grub2 element10:12
*** dims has joined #openstack-ironic10:12
vinm213div: you need to get the packages from source on to you'r system and install them using "dpkg -i ..."10:13
openstackgerritMilan Kováčik proposed openstack/ironic-inspector-specs: High Availability for Ironic Inspector  https://review.openstack.org/25367510:15
sambettsphuongnh: Do you have an ssh server running on the machine that your running devstack on ?10:16
vinm213i also had similar issues earlier10:17
sambettslucasagomes: I've been trying to get them to merge the tripleo localboot element and the grub2 element for a while but no one listened :(10:18
lucasagomessambetts, ouch, yeah there's def an overlap there10:19
lucasagomessambetts, did they give any reason not to merge it?10:19
sambettslucasagomes: nope... I started pushing them to do it when the grub2 element got broken, and the localboot element already had the fix for it, but then they just fixed it in a different way in the grub2 element :/10:20
lucasagomesouch :-/10:20
lucasagomessambetts, I left a comment on the patch let's see if someone says something10:21
openstackgerritVasyl Saienko proposed openstack/ironic: Update authorized_keys with new key only  https://review.openstack.org/29529310:21
sambettslucasagomes: link?10:21
mkovacik__guys, I'd like to appeal on reviewing the HA for inspector spec again ;) https://review.openstack.org/#/c/25367510:21
sambettslucasagomes: found it in the scroll back :)10:22
phuongnhsambetts: yes, I can use PuTTY to connect to the machine normaly10:22
lucasagomesheh you were quicker!10:22
sambettsphuongnh: what driver are you planning on running with your devstack install?10:23
mkovacik__lucasagomes, ifarkas, sambetts, aarefiev, devananda, mgould : https://review.openstack.org/#/c/253675  please ;)10:23
vinm213i have a quick question,10:23
sambettsphuongnh: By default Ironic devstack will run the pxe_ssh driver to control VMs created on the devstack host10:23
*** ipukha has joined #openstack-ironic10:24
phuongnhsambetts: I use default setting on local.conf file. I use pxe_ssh driver in row IRONIC_DEPLOY_DRIVER=pxe_ssh10:24
lazy_princelucasagomes: I will ask the author to look into grub2 element...10:26
vinm213Do we require to validate the size of block device, https://github.com/openstack/ironic-python-agent/blob/master/ironic_python_agent/hardware.py#L489-L490 here10:26
phuongnhsambetts: the default local.conf file mean the file in this page: http://docs.openstack.org/developer/ironic/dev/dev-quickstart.html#deploying-ironic-with-devstack10:27
vinm213i have a case where the /dev/sda size returned from "lsblk -Pbid" is returning lesser than this size10:27
vinm213and the deployment of the node is failing with image download error10:27
openstackgerritNisha Agarwal proposed openstack/ironic: Document partition image support with agent_ilo  https://review.openstack.org/29571010:28
openstackgerritVasyl Saienko proposed openstack/ironic: Update authorized_keys with new key only  https://review.openstack.org/29529310:29
lucasagomeslazy_prince, thanks!10:29
sambettslucasagomes: https://review.openstack.org/#/c/219612/ this was the patch that I discussed the localboot element merging with the grub2 one10:29
lucasagomesmkovacik__, ++10:29
*** achanda has joined #openstack-ironic10:31
*** achanda has quit IRC10:31
mkovacik__lucasagomes, sorry, what was it about? ;)10:31
lucasagomesmkoderer__, the spec for inspector10:31
* lucasagomes is reading10:31
mkovacik__lucasagomes, :) cool, thx10:33
*** sivaramakrishna has joined #openstack-ironic10:33
vinm213any one,any idea on this?10:34
sambettsphuongnh: can you please check that /opt/stack/data/ironic/ssh_keys/ironic_key and ironic_key.pub are being created successfully10:34
phuongnhsambetts: yes, they are created, but the ironic_key's right is rw-------  and ironic_key.pub's right is rw-r--r--, is that correct?10:38
*** sivaramakrishna has quit IRC10:40
sambettsphuongnh: yes, thats all fine10:48
openstackgerritLucas Alvares Gomes proposed openstack/ironic: Agent: Out-of-band power off on deploy  https://review.openstack.org/29182910:49
sambettsphuongnh: can you now check if your .ssh/authorized_keys contains a copy of the ironic_key.pub file10:50
*** hoangcx has quit IRC10:54
phuongnhsambetts: I have remark the check and run devstack again. now 2 ironic_key files are gone and in .ssh folder I found authorized_keys newly created11:02
Nishalucasagomes, hi11:04
phuongnhsambetts: I have to leave now, see you in next 2 hours11:04
Nishalucasagomes, i was adding disk_label for partition image support for agent drivers...i have some query11:05
lucasagomesNisha, hi there11:05
Nishalucasagomes, suppose the user adds the boot mode as uefi but the disk_label as msdos, what is the result11:05
TheJuliaGood morning everyone o/11:06
lucasagomesNisha, the disk will be partitioned with an MBR11:06
lucasagomesand will boot in uefi11:06
Nishalucasagomes, will that work for paryition images as well?11:07
Nishaand if viceversa combination is given?11:07
lucasagomesNisha, it should yes. UEFI does work with MBR partitions11:08
lucasagomestho some OSs may have problems with that (Windows e.g)11:08
lucasagomesNisha, http://superuser.com/questions/739153/uefi-with-mbr-partition-table?answertab=votes#tab-top11:08
lucasagomesor http://www.uefi.org/sites/default/files/resources/UEFI%202_5.pdf#G9.134554711:08
Nishaand if boot_mode as bios and disk_label as gpt?11:09
Nishauefi with MBR is still valid combination but the other way its not11:09
lucasagomesNisha, that's fine too, GPT has an MBR in it and is backwards compat11:09
lucasagomestho, ofc there's always edge cases (some vendor BIOS may complain about it)11:09
Nishalucasagomes, ohk.11:10
Nishalucasagomes, thanks got it.11:10
*** phuongnh has quit IRC11:10
lucasagomesNisha, for if you have a disk that is > 2 TB you may want to use BIOS + GPT11:10
lucasagomesNisha, btw http://docs.openstack.org/developer/ironic/deploy/install-guide.html?highlight=disk_label#choosing-the-disk-label11:12
Nishalucasagomes, ok. so the same combination shud be fine for "partition image support for agent drivers"11:12
*** daemontool has joined #openstack-ironic11:13
lucasagomesNisha, yup11:14
lucasagomesthe feature was added to the ironic-lib, so it covers both11:14
lucasagomesagent and iscsi11:14
Nishayes , but work_on_disk() which is called in ironci for iscsi drivers has disk_label property, while for agent drivers work_on_disk() is called in IPA11:15
lucasagomesNisha, oh, and IPA is not passing the disk_label parameter there?11:16
* lucasagomes looks at the code11:16
Nishalucasagomes, no. As i wasnt sure of the testing part i didnt added it11:17
*** Keedya has joined #openstack-ironic11:17
NishaI am just putting up the patch for it in some time11:17
lucasagomesNisha, alright11:18
*** Keedya has quit IRC11:20
alinebcould anyone please take a look at https://review.openstack.org/#/c/289256 ? It’s a follow-up patch for the --json option. Thanks!11:21
lucasagomesNisha, mind if I take a stab on that? I have want to test the agent_ partition images anyway11:27
Nishayes sure11:32
Nishalucasagomes, so i need not add a patch fot that ?11:33
Nishaif you are taking care of it?11:33
lucasagomesNisha, unless you already started it11:33
NishaI started, but you can do. I have a very minor bug to fix in IPA and ironci for partition images support in agent drivers11:34
*** sturivnyi has joined #openstack-ironic11:34
openstackgerritTan Lin proposed openstack/ironic: Add require_exclusive_lock decorators to conductor methods  https://review.openstack.org/29573411:35
Nishalucasagomes, i propose it it will help if u review it11:35
lucasagomesNisha, cool sure!11:35
lintanhi jroll, jivillal and zhenguo_, I submit a patch to fix the log request issue for inspector, please take a look at it when you have time: https://review.openstack.org/#/c/295663/11:39
*** dprince has joined #openstack-ironic11:45
*** libu has joined #openstack-ironic11:47
divstill facing swift issue during devstack11:50
divopenstack object store account set --property Temp-URL-Key=password 2016-03-21 09:36:49.425 | Not Found (HTTP 404)11:50
divcan anybody help11:51
*** jcoufal has joined #openstack-ironic11:52
openstackgerritVasyl Saienko proposed openstack/ironic: Update authorized_keys with new key only  https://review.openstack.org/29529311:54
*** libu has quit IRC12:01
alineblucasagomes: Thanks for your review! Should I update the commit message? (sorry, i am not sure about how this works after the gate jobs have started...)12:03
lucasagomesalineb, I think it's fine, don't worry12:04
alineblucasagomes: ok, thank you!12:04
lucasagomesalineb, thank you for the patch (-:12:05
*** trown|outtypewww is now known as trown12:05
*** moshele has quit IRC12:06
*** moshele has joined #openstack-ironic12:06
openstackgerritLucas Alvares Gomes proposed openstack/ironic-inspector: Better error handling when converting eDeploy data  https://review.openstack.org/29532712:08
*** baoli has joined #openstack-ironic12:10
openstackgerritNisha Agarwal proposed openstack/ironic: Add disk_label for partition images for agent drivers  https://review.openstack.org/29575112:18
*** smoriya_ has quit IRC12:18
Nishalucasagomes, ^^^12:21
trownlucasagomes: would you mind looking at https://review.openstack.org/#/c/286070/ last barrier to lighting the bash deploy ramdisk on fire12:21
NishaIPA patch on the way12:21
*** lazy_prince has quit IRC12:21
lucasagomesNisha, trown cool, I will take a look in a sec12:23
trownthanks :)12:23
Nisha:)12:23
openstackgerritMerged openstack/python-ironicclient: Improve output of --json option  https://review.openstack.org/28925612:25
*** afaranha has joined #openstack-ironic12:26
*** raildo-afk is now known as raildo12:30
*** mtanino has joined #openstack-ironic12:30
*** lazy_prince has joined #openstack-ironic12:33
*** josh has joined #openstack-ironic12:37
*** josh is now known as Guest9914912:38
*** killer_prince has joined #openstack-ironic12:38
*** Goneri has joined #openstack-ironic12:39
*** killer_prince has quit IRC12:40
*** vdrok has quit IRC12:42
*** vdrok has joined #openstack-ironic12:43
openstackgerritNisha Agarwal proposed openstack/ironic-python-agent: Add disk_label support for partition images  https://review.openstack.org/29576612:46
Nishalucasagomes, IPA patch disk_label ^^^12:47
*** moshele has quit IRC12:49
*** moshele has joined #openstack-ironic12:50
openstackgerritGonéri Le Bouder proposed openstack/ironic-python-agent: iscsi: wipe part table before starting the target  https://review.openstack.org/28434712:55
*** moshele has quit IRC13:00
*** links has quit IRC13:01
*** dims_ has joined #openstack-ironic13:02
*** dims has quit IRC13:02
*** lazy_prince has quit IRC13:07
*** rbudden has joined #openstack-ironic13:07
*** lucasagomes is now known as lucas-hungry13:07
*** daemontool has quit IRC13:07
*** lazy_prince has joined #openstack-ironic13:08
*** daemontool has joined #openstack-ironic13:09
openstackgerritMerged openstack/pyghmi: Have ipv6 addresses always be represented as list  https://review.openstack.org/29550613:10
*** baoli has quit IRC13:15
*** chopmann has joined #openstack-ironic13:16
*** baoli has joined #openstack-ironic13:16
*** moshele has joined #openstack-ironic13:17
*** mtanino has quit IRC13:17
jrollNisha: so, the agent partition images work is not done??13:26
jrollmorning everyone13:27
sambettso/ jroll13:28
*** Guest99149 has quit IRC13:28
*** baoli has quit IRC13:40
*** baoli has joined #openstack-ironic13:41
*** ametts has joined #openstack-ironic13:44
jrolllintan: idk if you're around - mind if I update https://review.openstack.org/#/c/238008/10?13:45
*** alexpilotti has joined #openstack-ironic13:47
*** daemontool has quit IRC13:48
sambettsgah! gerrit is really annoying me right now ... I'm trying to leave a comment and everytime I type a word it scrolls down the page for no reason...13:54
*** daemontool has joined #openstack-ironic13:54
*** spandhe has joined #openstack-ironic13:56
TheJuliasambetts: I've found I just have to reload the page when stuff like that starts happeneing :(13:56
TheJuliaalso found it won't let me scroll up13:56
*** ohamada has quit IRC13:56
sambetts:(13:56
sambettsreload didn't help :(13:57
TheJulia:(13:58
*** mgoddard_ has joined #openstack-ironic13:59
*** spandhe has quit IRC14:00
*** ohamada has joined #openstack-ironic14:00
*** mtanino has joined #openstack-ironic14:01
*** mgoddard has quit IRC14:03
zigoHi over here!14:05
zigoI have an issue when building the sphinx-doc for Ironic.14:05
zigohttp://paste.debian.net/418062/14:05
zigo(when building the Debian package for 5.0.0)14:05
zigoWhat's going on?14:05
*** links has joined #openstack-ironic14:05
jrollzigo: interesting...14:05
NobodyCamGood morning Ironicers14:06
TheJuliagood morning NobodyCam14:06
jrollzigo: it certainly works in the gate :/14:06
zigojroll: Do you have a "it works in devstack" t-shirt? :)14:06
zigo:P14:07
TheJulialol14:07
*** cdearborn has joined #openstack-ironic14:07
jrollzigo: what I mean is, it looks like a code bug, but it works elsewhere14:07
zigojroll: Sure, just trying to be funny... :P14:07
jrollthere's some magic here https://github.com/openstack/ironic/blob/master/ironic/objects/__init__.py14:07
jrollso maybe that method isn't getting called for whatever reason14:08
jrollzigo: what command are you using to build it?14:08
*** Nisha has quit IRC14:08
zigojroll: PYTHONPATH=$(CURDIR) sphinx-build doc/source $(CURDIR)/debian/ironic-doc/usr/share/doc/ironic-doc/html14:08
NobodyCamgood morning TheJulia jroll jlvillal devananda mgould sinval sambetts lucas-hungry dtantsur|pto gabriel-bezerra and everyone else not directly listed here :)14:08
*** achanda has joined #openstack-ironic14:09
jrollhrm14:09
sambettso/ NobodyCam14:09
zigoQuite standard ...14:09
TheJuliashouldn't the doc be built in the venv?14:09
zigoTheJulia: That's in the context of building the Debian package, so no venv, no tox, no pip...14:10
TheJuliahmmm14:10
*** achanda has quit IRC14:10
mgouldNobodyCam, TheJulia jroll sambetts zigo morning14:10
jrollzigo: okay, I can reproduce that over here14:11
zigoAh, good! :P14:11
jrollzigo: I'm wondering what the difference is between that command and what 'setup.py build_sphinx' does14:11
NobodyCam:)14:11
zigoOh, I wonder why I don't have -b html ...14:12
*** baoli has quit IRC14:12
sambettso/ mgould14:13
*** baoli has joined #openstack-ironic14:13
* zigo tries again with -b html14:13
zigoSame stuff, obviously...14:14
jrollzigo: so nova has similar code, does this same command work for nova?14:14
jroll(code meaning import magic)14:14
*** vinm213 has quit IRC14:14
zigoYup.14:14
zigoFor nova, I do:14:14
zigosphinx-build -b html doc/source $(CURDIR)/debian/nova-doc/usr/share/doc/nova-doc/html14:14
zigoI do this kind of stuff for maybe 99.99% of all of OpenStack ! :)14:15
jrollhrm14:15
jrollzigo: anyway, could you please file a bug, this is going to take some digging14:16
zigoOk, doing it now.14:19
*** dims_ has quit IRC14:19
jrollthanks14:19
*** lucas-hungry is now known as lucasagomes14:21
lucasagomesjroll, NobodyCam zigo TheJulia morning14:21
TheJuliagood morning lucasagomes14:21
zigohttps://bugs.launchpad.net/ironic/+bug/156050814:21
openstackLaunchpad bug 1560508 in Ironic "Cannot build sphinx doc in Debian for the 5.0.0 release" [Undecided,New]14:21
zigolucasagomes: Hi !14:21
*** achanda has joined #openstack-ironic14:23
openstackgerritZhenguo Niu proposed openstack/ironic: [Devstack]Add ability to enable shellinabox SSL certificate  https://review.openstack.org/28967114:23
*** moshele has quit IRC14:24
*** div has quit IRC14:27
*** mgould has quit IRC14:28
jroll\o lucasagomes14:30
*** openstackgerrit has quit IRC14:33
*** openstackgerrit has joined #openstack-ironic14:34
*** mgould has joined #openstack-ironic14:35
*** jaybeale has joined #openstack-ironic14:35
*** jaybeale has quit IRC14:35
*** ohamada has quit IRC14:35
jlvillalGood morning NobodyCam jroll zigo lucasagomes sambetts mgould TheJulia and everyone else :)14:39
sergeko/ jlvillal14:40
jlvillalHi sergek :)14:40
TheJuliagood morning jlvillal14:41
*** e0ne has quit IRC14:41
jrollzigo: this wfm https://review.openstack.org/#/c/295868/14:41
*** baoli has quit IRC14:42
zigojroll: Thanks a lot, testing it right away.14:42
jrollthanks14:42
*** baoli has joined #openstack-ironic14:42
*** links has quit IRC14:42
jrollquite the silly bug, still am not sure why we don't see it in the gate environment :/14:43
jrollzigo: I also noticed there's some warnings that go away with -a, you may want to use that?14:43
*** achanda has quit IRC14:43
zigoOk.14:43
*** absubram has joined #openstack-ironic14:46
*** moshele has joined #openstack-ironic14:47
zigojroll: This fixes it for me, thanks again, voting +1.14:47
*** lazy_prince has quit IRC14:48
jrollzigo: nice, ty14:48
jrolllucasagomes: mind reviewing 295868? it's pretty nasty, idk if there's a better way though14:49
zigoUploaded Ironic 5.0.0 to Debian Experimental.14:49
jrollwoot, thanks!14:49
lucasagomesjroll, will do in a sec (I'm in a call)14:49
zigoFYI, it will go to Unstable (and therefore testing) with the rest of Mitaka when then we have a final release.14:49
*** jaybeale has joined #openstack-ironic14:49
*** ohamada has joined #openstack-ironic14:49
jrolllucasagomes: no worries14:50
jrollzigo: we've got a 5.1.0 coming this week for the final mitaka release, jfyi14:51
zigoGood to know.14:51
*** ayoung has joined #openstack-ironic14:51
zigoWill there be a new ironic-inspector too?14:51
zigoOr just 3.2.0 like I just uploaded?14:52
TheJuliaI believe, based on the notes I saw yesterday that 3.2.0 is intended to be the mitaka release for inspector14:52
zigook14:52
ayoungHey guys...long time listener, first time caller.  Love the show.  Question about IPMI based compute node bringup.  Is it possible to inject a file ( a secret key) per node when doing openstack server create ?14:53
jrollzigo: TheJulia: correct, 3.2.0 is mitaka ironic-inspector14:53
jrollzigo: we just released ironic-python-agent 1.2.0 as mitaka, ironic, ironic-ui, and bifrost are coming this week14:53
sambettsayoung: http://docs.openstack.org/user-guide/cli_provide_user_data_to_instances.html14:53
TheJuliaayoung: Awesome!  So, openstack server create as in the OSC command line?14:54
zigoironic-python-agent?14:54
ayoungsambetts, ok, so how does that data get down to the node?  Is it secure?14:54
zigoI didn't know about it.14:54
jrollzigo: yeah, dunno if you package that, IMO it doesn't need to be packaged14:54
zigoI didn't know there was a plugin for horizon either.14:54
ayoungTheJulia, yeah...use it in Tripleo.  I can get you the exact command...14:54
zigoDo you know if ironic-ui is Django 1.9 ready?14:54
TheJuliazigo: the horizon plugin is in early development14:54
zigoI can't upload it if it's not.14:54
ayoungTheJulia, http://adam.younglogic.com/2016/03/host-tripleo-overcloud/14:54
sambettsayoung: the file is either loaded using the nova metadata service or config drive14:55
*** mgoddard_ has quit IRC14:55
TheJuliazigo: betherly ^^^14:55
zigoHorizon gained Django 1.9 compat since yesterday, so I could finally upload it to Debian.14:55
*** mgoddard has joined #openstack-ironic14:55
jrollzigo: ironic-python-agent is a python app to destroy (or image!) a machine, intended to run in a ramdisk. IMO I never want to apt-get install that :)14:55
zigoI already started fixing some of the plugins (I have 2 patches for sahara-dashboard for example).14:55
jrollzigo: all ironic-ui questions may be directed to betherly14:55
zigoOk.14:55
zigojroll: FYI, for running in a ramdisk, I use debian-live ! :)14:56
zigoIt works super well.14:56
ayoungsambetts, so metadata server is out.  Its essentially a public website, visible by everything on the metadata network, so all Ironic hosts.14:56
zigoThat's how I run tempest functional tests for my packages.14:56
jrollsambetts: ayoung: if using configdrive, it is not terribly secure - the configdrive is stored in either ironic's database or swift, not encrypted14:56
zigoRe-image? Just reset ... :P14:56
TheJuliaayoung: what sambetts said, that being said, if a configuration drive is used, it can only be trusted on the first boot-up of a machine14:56
jrollzigo: neat, we use coreos with a debian chroot14:56
TheJuliaand could be modified by a sufficently permissioned user after the fact once on disk...14:57
TheJuliatl;dr, putting secret files in config drives is generally not a great idea14:57
jrollmetadata service can be secure, fwiw, if your network is secure (as I understand it)14:58
ayoungjroll, so, we only need to put a one-time-password in it.  If it is stored unencrypted it is ok, so long as not "everyone" can fetch it.14:58
jrollayoung: right, so only ironic operators and people with access to that server can fetch it14:58
ayoungI have to admit I don't 100% understand the Ironic boot process.  I assume it starts with an IPMI wakeup...I thought it would be PXE, but I guess not?14:58
*** saripurigopi has joined #openstack-ironic14:59
TheJuliaayoung: depends on how the node is deployed, if it is a whole disk image, partition image, if the node is requested to always netboot14:59
jrollayoung: let me find you a doc :)14:59
*** lazy_prince has joined #openstack-ironic14:59
*** jaosorior has joined #openstack-ironic14:59
*** izaakk has joined #openstack-ironic15:00
ayoungjroll, thanks.  This "initial safe enroll" thing has been a moving target.15:00
jrollayoung: these two diagrams may be helpful http://docs.openstack.org/developer/ironic/deploy/user-guide.html#example-1-pxe-boot-and-iscsi-deploy-process15:00
*** rcrit_ has joined #openstack-ironic15:00
ayoungrcrit_, last line was15:01
ayoung ayoung: these two diagrams may be helpful http://docs.openstack.org/developer/ironic/deploy/user-guide.html#example-1-pxe-boot-and-iscsi-deploy-process15:01
jrollayoung: there are some other drivers that use virtualmedia instead of pxe15:01
jrolland attach an iso through that channel15:01
ayoungso PXE does a tftp fetch, which does not really have any security in it.  I was hoping IPMI would drop a key there that could be used as part of the kernel boot or something...15:01
ayoungBut I guess it is just a "dumb" power on.15:02
ayoungconductor could, in theory, inject a keypair into the image it returns in the tftp response15:03
jrollright, so15:03
jrollipmi is dumb, it can't do anything fun15:03
jrollsome hardware with virtualmedia can securely attach the image15:03
jrollhowever15:03
jrollconfigdrive is always transferred via iscsi or http15:04
jrolltftp is only the deploy ramdisk (except in vmedia case) and the kernel/ramdisk of the user image in most cases15:04
*** alexpilotti has quit IRC15:07
rcrit_jroll, what about the nova injected files?15:07
*** keedya has joined #openstack-ironic15:07
ayoungjroll, there were some security extension for IPMI, but I was not clear if they were Cisco specific\15:08
*** suro-patz has joined #openstack-ironic15:08
ayoungrcrit_, config drive15:08
jrollrcrit_: those go via configdrive15:08
ayoungthat was earlier in our conversation.15:08
rcrit_ok, sorry missed that15:08
jrollayoung: right, but IPMI cannot inject files, whether it's secure or not15:08
ayoungso that is fetched from the conductor Database (or swift)15:08
jrolland IPMI is insecure as heck15:08
rcrit_is the nova vendoradata plugin supported?15:08
rcrit_to provide custom cloud-init scripts?15:08
jrollI believe so yeah, we inject vendor data in our deployment15:09
jrollnova builds the configdrive as usual, we just write it to a partition15:10
ayoungso that is still configdrive15:11
sambettsIf your running the metadata service user data or vendor data can be downloaded from there also15:11
rcrit_nice15:11
ayoungwhat I would really like is a way that a machine could do a post "here is my public key" and a way to validate, networkwise, that it came from the right machine15:12
ayounglike,  something at the layer 2 level:  it came from macaddress fooo and we know that came over the right port.15:13
sambettswell with config drive you don't need that because we directly write the data to the machines disk15:14
ayoungsambetts, oh?15:14
lucasagomesjroll, uu :-( odd that it only failing in debian tho15:14
jaosoriorayoung: not sure if we could make that work... you could easily do mac spoofing15:14
ayoungsambetts, can we lock it down so that only that machine gets it somehow?15:14
ayoungjaosorior, yeah, yeah...that is why the port check...but I am not inventing a security algorthm here. I know better15:14
ayoungjust dreaming15:14
jaosoriorayoung, rcrit_: We fall back to the issue we were dealing with before. the contents of the injected files and the network info are gonna be available in the metadata service15:15
jrolllucasagomes: yeah, weird15:15
sambettsayoung: thats what happens anyway, during the deploy process, at the same time as we write the glance image to the node, we also write a config drive partition specificly generated for that node15:15
ayoungsambetts, when you say "we write  the data to the machines disk" what protocol is that done over?15:15
sambettsiscsi15:16
jrollwell15:16
rcrit_jaosorior, I think this might be a special case as it is written to disk and available only to a booted machine AFAIU15:16
jrolllike I said before, configdrive may be transferred over iscsi, http(s), virtualmedia15:16
jrolldepending on hardware/drivers15:16
sambettsjroll: +=15:16
sambetts++15:16
*** achanda has joined #openstack-ironic15:17
*** garthb has joined #openstack-ironic15:17
ayoungright, so we could only "guarantee" the delivery in an iscsi TLS case15:17
jaosoriorrcrit_ https://github.com/openstack/nova/blob/master/nova/virt/ironic/driver.py#L65315:17
jroll?15:17
jrollhttps isn't secure enough?15:18
jrollor virtualmedia over tls?15:18
ayoungjroll, actually, for this usage, https should be sufficient, too.15:18
jrollright15:18
jrollayoung: I don't believe we support iscsi over TLS today, but I may be wrong15:18
ayoungI more worried about passive evesdropping than a man in the middle for the boot process.15:19
ayoungI'm15:19
jrollsure15:19
*** sinval has quit IRC15:20
jrollactually I don't think the agent can listen for tls yet either, that throws that out15:20
*** harlowja_at_home has joined #openstack-ironic15:20
jrollhonestly if you're going for max security, I'd go with ilo + virtualmedia + swift driver15:20
jaosoriorjroll: Why not?15:20
* jroll findds link15:20
jrolljaosorior: it would have to be a client cert situation, you'd have thousands of these agents and they're super ephemeral15:21
jaosoriorI see15:21
sambettsayoung: is there a reason your running your Ironic provisioning network on your public network? can you not make the machine accessible via a natted floating ip?15:21
ayoungsambetts, assume a node is compromised, and all bets are off15:21
jaosoriorwell, the provisioning network shouldn'15:22
jaosoriorshouldn't be in the public network15:22
ayoungso, this is the provisioning network.15:22
jaosoriorit should be separate from the external and even the internal API networks15:22
* jaosorior talking about TripleO15:22
* ayoung trying to replace the screendoor on his submarine.15:23
ayoungsambetts, so, we are trying to come up with an enrollment process for all the deployments, and just trying to figure out the rules of the game.15:24
TheJuliawhat do you mean by enrollment?15:24
ayoungWe were just looking at Nova and booting image there, but realized that Ironic, due to its variety of boot processes, might have different rules15:24
ayoungTheJulia, I mean "how do you identify a server?"15:25
TheJuliaayoung: identify an already known server?15:25
ayoungTheJulia, so, say you want to use ssh to a machine, how do you know you have the right machine?15:25
*** suro-patz has quit IRC15:25
TheJuliatrue, so we should avoid the word enrollment in that case15:25
TheJuliasince we have an enrollment state that new nodes are added into15:26
jrolllet's step back a moment15:26
ayoungTheJulia, well, we mean it as short for "enroll an client into the Identity management system"15:26
jrollayoung: how would you do this for a vm?15:26
TheJuliaayoung: ahh15:26
jaosoriorjroll, sambetts: dumb question; Once the injected files are persisted to the configdrive. Can one still access that data via the metadata service? Or does it not get persisted there?15:26
ayoungjroll, we actually have a lot of the same problems there15:26
ayoungjroll, rcrit_ had a proof of concept working with nova hooks, but really, there was no good solution yet15:27
jrollayoung: yeah, so from the nova user perspective we intend to behave like any nova VM (with some extra horsepower and a few caveats)15:27
ayoungI was looking into securing the message queue and getting the information that way, but with Ironic, there is no Queue listener on the node.15:27
ayoungjroll, and that assumes that the compute node itself can be trusted15:27
ayoungand...well, how do we provision compute nodes...ironic...15:28
ayoungand thus we are bothering you and flooding your chat room this morning15:28
jrolljaosorior: yes, configdrive == metadata service, in terms of data. delivery method is the only variance.15:28
jrollayoung: right, so solving this from the nova user perspective (for both virt and bare metal) is the right thing to do, in my mind15:28
rcrit_but in this case  the metadata service is local to the box right? We're not talking metadata service over HTTP right?15:29
ayoungrcrit_, nope.  It is on the provisioning server15:29
jrollayoung: because your undercloud is just another nova deployment (that happens to use the ironic driver)15:29
ayoungjroll, If I can secure the message queue, I can solve it for the overcloud15:29
ayoungfor the undercloud, I need a way to secure the initial bringup process15:30
ayoungAnd, it sounds like a fools errand at this point15:30
jrollayoung: only if you are an operator with access to the queue no?15:30
ayoungI'm used to those.  I work on Keystone15:30
jrollayoung: anyway, if you can secure the undercloud's message queue, you can use the same method, right?15:30
ayoungjroll, not quite.  In the undercloud, there is no message listener on the host being brought up.  Its all PXE type stuff15:31
jrollayoung: well, we still have nova-compute hosts15:31
ayoungovercloud is only as secure as the undercloud.  Undercloud is only as secure as the hardware provisiong15:31
jrollI guess I'd need to understand the solution involving the queue15:31
jrollbefore I can say if that would work15:32
*** vishwanathj_zzz is now known as vishwanathj15:32
ayoungjroll, in the case of the overcloud, the openstack compute process is running on the hypervisor node15:32
ayoungmayeb not in a vsphere deployment, but they have their own security from there on down anyway15:32
ayoungbut for Centos/libvirt15:32
jrollok sure, and the end goal is instance ssh host keys being passed back to the nova user, right?15:33
ayoungso you have a secure way of delivering a message to the compute.  I am not saying, by the way, that this is a solved problem15:33
ayoungjroll, right15:33
jrollso how does the hyp get the host keys?15:33
ayoungjroll, here is what I would love to see, if I were dreaming15:33
ayoungon the outside of every machine I rack, it had a public key printed that I could scan in using a barcode reader15:34
ayoungwhen it pxebooted, part of the request includes a Certificate Signing Request or something comparable15:34
ayoungthat CSR would be compared with the public key off the server, and, bang, I know I have the right server.15:35
ayoungjroll, private key never leaves the newly provisioned host15:35
jrollright, so I'm even more confused now15:35
ayoungjroll, its ok, it took me years to get this warped15:36
ayoungjroll, the thing that I am looking for is a way to trust a machine from as early in the install process as possible15:36
devanandamorning, all15:36
jrollbut AIUI, all you really need is for the ssh (public) host key that are within the already provisioned bare metal node, to be passed back to nova for the api user to fetch15:36
ayoungand to avoid having secrets go across the network if possible.  Just trying to get at the assumptions15:36
ayoungjroll, right...when I say CSR, that is really the same thing.15:37
ayoungthe ssh public key15:37
jrollright.15:37
jrollso I believe that this is a nova problem, that should be solved for all nova instances15:37
sambettsduring the install process the node is completely wiped and overwritten so how could you store anything on it unless something hardware specific ?15:38
jrolland honestly probably does not depend on the virt driver, as no virt driver should have access to read keys from the instance itself15:38
ayoungjroll, so, yeah.  If cloud-init kicked off an ssh-keygen, then the question would be "how do we trust that key K is from server S?"15:38
jrollthe only way I really see to do that is auth by IP address15:39
TheJuliacreate an api where the public key can be posted someplace along with a profile of the hardware15:39
jrolland make damn sure your network is secure enough that IPs cannot be spoofed15:39
ayoungTheJulia, I think that is "necessary"15:39
ayoungjroll, hence me muttering about layer 2 and all that earlier. Now I am warping you...15:39
*** awiddersheim has joined #openstack-ironic15:39
TheJuliait is similar to what occurs when IPA phones home, we compare the hardware and then record the node's IP address to call back to15:39
jrollayoung: there's no way we can run code inside a nova instance, whether virt or bare metal15:39
openstackgerritGonéri Le Bouder proposed openstack/ironic-python-agent: iscsi: wipe part table before starting the target  https://review.openstack.org/28434715:39
ayoungjroll, we can kcik something off with cloud-init15:40
sambettsjroll: unless they want to inject a script via config-drive or metadata15:40
TheJuliaayoung: this really sounds like a cloud-init kind of feature15:40
jrollayoung: unless it is injected into the image/configdrive, which is not an ironic-specific problem15:40
ayoungjroll, right...which is why we were looking in to how is the configdrive delivered15:40
ayoungright now that sounds like the best option15:40
* devananda catches up on the conversation15:40
jrollayoung: well, I still think it's bad to pass secrets in the configdrive (whether vm or bm), because the operator can access that15:41
jroll(in the general case)15:41
TheJuliaayoung: but that means your centralizing that potentially, just seems a little more risky if that host is compromised15:41
jroll++15:41
TheJuliathe phone home concept, seems the most sane15:42
*** alexpilotti has joined #openstack-ironic15:42
rcrit_but phone home with what? How do you prove possession?15:42
sambettsmac address?15:42
ayoungjroll, so, when I did my first proof of concept, the flow was like this:  1.  Contact the identity provider and create a host entry, including a OTP (one time password).  2.  Call nova boot with the OTP in the user-data.  3.  Have cloud-init  call a script that used the OTP to autoregister the instace with the identity provider15:42
TheJuliahardware profile15:42
jrollneither, IP address15:43
ayoungso, while it was on the config drive, the window was small: just during the boot process15:43
jrolland make sure things can't spoof ip addresses15:43
*** alexpilo_ has joined #openstack-ironic15:43
rcrit_ayoung, the thing is though if we make a general system then someone may put longer-term secrets in there which would be bad15:43
TheJuliaeh, I think spoofing the ip would be really easy if one has compromised the environment15:43
jrollayoung: I guess that works in the undercloud case where you trust your provider, I would not trust that as a public cloud user15:44
jrollTheJulia: not if your ToRs prevent it :)15:44
ayoungrcrit_, agreed.  I was the one that origianlly objected. As I said "proof of concept"15:44
jlvillaldevananda: I think you did a +2 on this before: https://review.openstack.org/#/c/287306/   Not sure if you could give it a quick look again?15:44
jrollif you've compromised the network it's all over anyway15:44
devanandaayoung: as jroll said previously, there are mechanisms in place to securely pass data into the Ironic instance, if the hardware and the driver supports virtual media15:44
devanandaayoung: but it also sounds like you're trying to solve a special case (cloud operator deploying cloud resources) within the constraints of a general case (cloud user wishes to trust the cloud but can't control the boot process)15:44
TheJuliajroll: what if I did it in the controlplane? *ducks*15:44
ayoungjroll, so, if we can secure the undercloud, we could then deliver secrets via the message queue (assume we secure that)15:44
ayoungwhen deplouying in the overcloud15:44
NobodyCammorning devananda15:45
ayoungyeah, soundsl ike the virtualmedia approach is the best.  Looks like that is tied to ilo?15:45
jrollayoung: right, I think your best option today, for tripleo's case, is what you're doing, and use virtualmedia15:45
jrollI believe irmc also has it, maybe drac?15:45
*** dims has joined #openstack-ironic15:45
devanandaayoung: I fail to see why you're constraining the securitization of the undercloud deployment methods within the untrusted framework of a public cloud or shared network environment15:45
openstackgerritSivaramakrishna Garimella proposed openstack/ironic: Update the deploy drivers with network flipping logic  https://review.openstack.org/21326215:45
*** sivaramakrishna has joined #openstack-ironic15:46
ayoungdevananda, let me try and parse that...15:46
jaosoriordevananda: Cause this solution is not only meant for the undercloud deployment15:46
devanandajaosorior: ahh, ok15:46
jrollwell, I don't think the solution of posting passwords to the identity service is a good solution for the public cloud case15:46
jrolls/passwords/secrets/15:47
*** alexpilotti has quit IRC15:47
ayoungdevananda, ok, so If i understand the problem correctly, the security of any layer is dependent on the layer below it.  We can't securely identify things in the overcloud if we can't already do that in the undercloud15:47
jrollthen again, maybe it's "good enough"15:47
sambettsjroll: I think they would be posting their pub key and therefore never transfering the private key on the network15:47
ayoungso I am trying to push it back as early in the process as we can, to the provisioning of the bare metal machines15:47
*** Nisha_away has joined #openstack-ironic15:47
jaosoriorposting secrets to the identity service? jroll, are you talking about the OTPs for FreeIPA that ayoung mentioned?15:47
jrolljaosorior: yep15:48
jrolllike I said, probably close enough15:48
devanandaayoung: yes. however, the constraints placed upon a public cloud are different -- a user is not also a privileged operator15:48
*** alexpilo_ has quit IRC15:48
devanandaayoung: whereas in the undercloud, AIUI, that same level of privilege separation does not apply15:48
*** Sukhdev has joined #openstack-ironic15:48
ayoungdevananda, understood.  And maybe the constraints I am placing on the process are too draconian.15:49
jrollI mean, the dream is a perfectly secure deployment15:50
ayoungMy assumption, though, is that even the underclouds will grow large enough that securing them will need to be automated.  Its one thing when you have 10 machines in one rack, and something different  when multisite  100K node deployments are in place15:50
jrollwhether that's an ironic public cloud or some undercloud15:50
jrollso "too draconian" isn't ever a thing15:50
ayoungheh15:50
*** saripurigopi has quit IRC15:50
devanandaayoung: securing the deployment process is a thing that has to happen, and yea, I agree with jroll on "there's always going to be room to make it more secure"15:51
ayoungand, if we have soemthing that can work in "some" configuration, but not all, at least we can architect toward that configuration . "Yes, we can do IPMI, but we can only do it secure with ILO or DRAC" for example15:51
devanandaayoung: I believe that ^ is what we've been saying15:51
jrolldeployments with IPMI can still be very secure15:51
ayoungso if we say "use config drive to get the OTP on to the newly provisioned machines, and it will be secure if you do x , y, z" it is a start15:51
* jroll should do a blog post on "super secure ironic deployments with pizza box servers"15:52
devanandajroll: ++15:52
TheJuliajroll: ++15:52
ayoungjroll, I would love to read that15:52
* TheJulia would like the pizza though15:52
jrollayoung: the biggest things are: use swift for configdrive transfer, use swift as the backend for images with the agent driver (https), and secure the hell out of your network15:53
jrolluse https for ironic api15:53
jrollthis should give you encrypted everything except ipmi power control, and lock down that network15:53
jrollthere's a few small holes to plug but this gets you most of the way there15:54
ayoungjroll, why swift?15:54
ayoungthe rest I get15:54
TheJuliatempurl capability15:55
jrollayoung: because in the normal case, the configdrive is transferred from ironic -> agent via http, and there isn't a tls mechanism in place there15:55
*** dims_ has joined #openstack-ironic15:55
Nisha_awayjroll, following minor patches were raised for partition images for agent drivers https://review.openstack.org/295751, https://review.openstack.org/295766, https://review.openstack.org/29571015:55
*** dims has quit IRC15:55
Nisha_awaythese are minor patches15:55
jrollNisha_away: oh there you are15:55
ayoungjroll, but swift has https?15:55
jrollNisha_away: I created the stable/mitaka branch last night for IPA15:55
*** sivaramakrishna has quit IRC15:55
Nisha_awayoh15:55
jrollayoung: yes, the problem is the api server on the agent can't do tls today, because certs are hard15:56
Nisha_awayjroll, then we dont have disk_label support fo rpartition images for agent drivers in Mitaka :(15:56
jrollNisha_away: that may be backportable but it'll need to wait15:56
devanandaayoung: yes. and tempurls act similarly to OTP plus data over HTTPS15:56
jrollI understand15:56
Nisha_awayok15:56
jrollNisha_away: actually, could you file a separate bug for something like "cannot use gpt with partition images in agent driver" for those patches?15:57
openstackgerritKyrylo Romanenko proposed openstack/python-ironicclient: Add CLI tests to check JSON response body  https://review.openstack.org/29123915:57
Nisha_awayjroll, actually ironic_lib will automatically assign disk_label if nothing is sent while calling work_on_disk()15:58
openstackgerritZhenguo Niu proposed openstack/ironic: Restart consoles on conductor startup  https://review.openstack.org/25725215:58
Nisha_awaywhich assigns msdos for bios and gpt for uefi as default disk_labels and those works15:58
jrollNisha_away: well, what's the issue then? can't specify disk label?15:58
jrollNisha_away: in any case, please file a bug for the specific bug that this fixes, that's the first step to making this backportable (if it is)15:59
Nisha_awayyes, its not sent as an argument to ironci_lib or rather you can say that it doesnt pass user specified disk_label in the node15:59
Nisha_awayok15:59
jrollNisha_away: thanks15:59
Nisha_awayi will file a bug. So in ironic also it will also fixed as a bug then?16:00
jrollI need to step away for a while, back in an huor16:00
jrollNisha_away: yes, file a single bug against ironic and IPA16:00
Nisha_awayjroll, ok, but there is one doc patch for ilo drivers16:00
Nisha_awayin among three16:01
*** ohamada has quit IRC16:01
jrollNisha_away: right, that one should be against the RFE still16:01
Nisha_awayYes16:01
Nisha_awayfor other two patches i will mark them against the new bug16:02
jrollNisha_away: okay, ty16:02
jrollbbl16:02
openstackgerritSergii Turivnyi proposed openstack/python-ironicclient: Add sanity tests for testing actions with Port  https://review.openstack.org/24094416:03
openstackgerritSergii Turivnyi proposed openstack/python-ironicclient: Negative tests for testing actions with port.  https://review.openstack.org/25935416:03
*** alexpilotti has joined #openstack-ironic16:04
*** keedya has quit IRC16:05
*** aginwala has joined #openstack-ironic16:07
*** phuongnh has joined #openstack-ironic16:07
*** alexpilotti has quit IRC16:09
*** aginwala has quit IRC16:13
openstackgerritNisha Agarwal proposed openstack/ironic: Add disk_label for partition images for agent drivers  https://review.openstack.org/29575116:13
openstackgerritNisha Agarwal proposed openstack/ironic-python-agent: Add disk_label support for partition images  https://review.openstack.org/29576616:15
*** jaosorior has quit IRC16:18
*** aginwala has joined #openstack-ironic16:18
*** saripurigopi has joined #openstack-ironic16:19
*** e0ne has joined #openstack-ironic16:21
openstackgerritVasyl Saienko proposed openstack/ironic: Update resources only for specific instance.  https://review.openstack.org/28749816:22
openstackgerritSergii Turivnyi proposed openstack/python-ironicclient: Tests for testing chassis-create command  https://review.openstack.org/29363416:26
*** cdearborn has quit IRC16:28
*** aginwala has quit IRC16:29
*** alexpilotti has joined #openstack-ironic16:31
*** moshele has quit IRC16:31
*** aginwala has joined #openstack-ironic16:31
*** chopmann has quit IRC16:32
openstackgerritLucas Alvares Gomes proposed openstack/ironic-python-agent: iscsi: wipe part table before starting the target  https://review.openstack.org/28434716:35
*** alexpilotti has quit IRC16:36
*** saripurigopi has quit IRC16:37
jrolllucasagomes: NobodyCam: jlvillal: TheJulia: I added some things to https://etherpad.openstack.org/p/ironic-mitaka-finish if you want to help dogpile on reviews16:41
jlvillaljroll: Thanks. I will look...16:42
lucasagomesjroll, just +2'd the chassis one16:42
lucasagomeslemme take a look at the others16:42
jrolllucasagomes: thanks! I'll make that a fixme16:43
lucasagomesjroll, not a big deal tho16:43
jrolltoo late :P16:43
lucasagomeslol16:43
openstackgerritJim Rollenhagen proposed openstack/ironic: Fix sphinx docs build  https://review.openstack.org/29586816:43
* lucasagomes re +216:44
jlvillaljroll is the farmer and I'm a duck :)  https://www.youtube.com/watch?v=kjdUSPe7Yj416:44
openstackgerritRamamani Yeleswarapu proposed openstack/ironic: Centralize config options - [amt]  https://review.openstack.org/29594616:45
openstackgerritJim Rollenhagen proposed openstack/ironic: Append 'Openstack-Baremetal-Request-ID' header to the response  https://review.openstack.org/23800816:45
jrolljlvillal: O_o16:45
jrolllucasagomes: ^ fixed the response header there16:46
*** spandhe has joined #openstack-ironic16:46
* lucasagomes looks16:46
lucasagomesjust finishing the disk label one16:46
jlvillalheh, I always find that video funny16:46
*** dims_ has quit IRC16:46
*** suro-patz has joined #openstack-ironic16:47
jrolljlvillal: in a meeting so I didn't click yet :)16:47
*** pcaruana has quit IRC16:52
lucasagomesinspector folks, can I get some eyes at https://review.openstack.org/#/c/295327/ (small patch)16:57
lucasagomesthanks16:57
* sambetts looking 16:57
*** keedya has joined #openstack-ironic16:57
*** mgould has quit IRC16:58
sambettslucasagomes: +216:59
lucasagomessambetts, ty!16:59
*** trown is now known as trown|lunch17:01
*** lucasagomes is now known as lucas-afk17:02
*** Guest91251 has quit IRC17:02
*** dims has joined #openstack-ironic17:02
openstackgerritNisha Agarwal proposed openstack/ironic-python-agent: Add disk_label support for partition images  https://review.openstack.org/29576617:04
NobodyCamnight lucas-afk17:05
openstackgerritNisha Agarwal proposed openstack/ironic: Add disk_label and node_uuid for agent drivers  https://review.openstack.org/29575117:07
phuongnhsambetts:do you have any idea for me?17:08
*** phuongnh has quit IRC17:08
*** baoli has quit IRC17:10
*** baoli has joined #openstack-ironic17:11
openstackgerritGonéri Le Bouder proposed openstack/ironic-python-agent: iscsi: wipe part table before starting the target  https://review.openstack.org/28434717:11
*** phuongnh has joined #openstack-ironic17:11
*** harshs has joined #openstack-ironic17:12
jlvillallucas-afk: jroll: I did a +2 on https://review.openstack.org/#/c/284347/   I wasn't sure if wanted to only do +A on patches on https://etherpad.openstack.org/p/ironic-mitaka-finish17:12
*** dims has quit IRC17:13
jrolljlvillal: IPA already has the stable/mitaka branch cut, newton is open for it17:13
*** mgould has joined #openstack-ironic17:13
jrollthe other projects, don't want to land anything risky17:13
jlvillaljroll: Thanks!17:14
jlvillaljroll: Never mind Goneri pushed a new patch over top of two +2s ;)17:15
jrollheh17:15
*** degorenko is now known as _degorenko|afk17:15
*** saripurigopi has joined #openstack-ironic17:16
*** dprince has quit IRC17:17
*** aginwala has quit IRC17:17
*** baoli has quit IRC17:18
*** aginwala has joined #openstack-ironic17:18
*** MattMan has quit IRC17:19
*** MattMan has joined #openstack-ironic17:19
*** aginwala has quit IRC17:20
*** baoli has joined #openstack-ironic17:21
sambettso/ jlvillal17:22
*** daemontool has quit IRC17:22
jlvillalsambetts: \o :)17:23
*** cdearborn has joined #openstack-ironic17:23
Gonerijlvillal, yes, there was this ugly type in the docstring.17:24
jlvillalGoneri: I thought lucas-afk had pushed a fix for it?17:24
jlvillalIn patch set 1917:25
openstackgerritMerged openstack/ironic: Update the text in user guide of ironic  https://review.openstack.org/27950317:25
Gonerioh indeed17:25
GoneriWell, let's pretend that two push in a row give better result :D17:26
jlvillalGoneri: Any thoughts on my minor comment in patch set 19?17:27
*** mbound has quit IRC17:27
Gonerioh indeed, let's fix that.17:27
*** krtaylor has quit IRC17:27
jlvillalGoneri: Thanks17:28
openstackgerritGonéri Le Bouder proposed openstack/ironic-python-agent: iscsi: wipe part table before starting the target  https://review.openstack.org/28434717:28
Goneridone17:28
devanandajroll: your api header patch needs a quick fix17:30
jlvillalGoneri: +217:30
*** Sukhdev has quit IRC17:31
jrolldevananda: not seeing it, you mean in the commit message or?17:31
jrolldevananda: or the actual header returned via the API17:32
*** alexpilotti has joined #openstack-ironic17:32
devanandathe actual header17:32
*** phuongnh has quit IRC17:32
*** afaranha has quit IRC17:32
jrolldevananda: ugh, why is that being manipulated17:33
devanandajroll: http://paste.openstack.org/show/LsHfZ2mn9EHGWQUOeV5C/17:33
jrolldevananda: anyway, you want that updated in commit message or reno or the code or all?17:33
jrollmmmm17:33
jrollI bet curl manipulates that17:33
devanandajroll: wait. it's just this line that's wrong:  state.response.headers['OpenStack-Request-ID'] = request_id17:33
jrollwill fix shortly17:33
*** moshele has joined #openstack-ironic17:34
jroll?17:34
*** lucas-afk is now known as lucasagomes17:34
lucasagomesNobodyCam, :D17:34
jrolldevananda: what's wrong with that, other than tools will munge the case?17:34
devanandaI'll just edit the patch17:35
devanandajroll: it's the wrong header name17:35
NobodyCamlucasagomes: ahh your not going away17:35
NobodyCam;)17:35
devanandaOpenstack-Baremetal-Request-ID vs Openstack-Request-ID17:35
jrolldevananda: it should be Openstack-Request-ID17:36
devanandaoh!17:36
jrollwe had a discussion in the comments there17:36
devanandathen your commit message is wrong17:36
jrollthe commit message is wrong17:36
jrollyeah17:36
jrollI'll normalize the case too17:36
lucasagomesjroll, oh but the commit message needs to be updated :-/17:36
*** ifarkas has quit IRC17:36
*** alexpilotti has quit IRC17:36
jrollright17:36
* lucasagomes revoked his vote17:36
lucasagomesas devananda pointed out17:37
devanandagiven the order of things, I was interpreting your latest patch as fixing things based on the discussion17:37
devanandacool. i'll fix since I'm already staring at it17:38
openstackgerritJim Rollenhagen proposed openstack/ironic: Append 'Openstack-Baremetal-Request-ID' header to the response  https://review.openstack.org/23800817:38
jrolldevananda: lucasagomes: ^17:38
jrollheh17:38
lucasagomesjroll, first line still wrong :-(17:38
jrollgdi17:38
devanandalol17:38
* lucasagomes changes it in gerrit17:38
lucasagomesor u do it, if you have it handy :D17:38
*** klindgren has joined #openstack-ironic17:38
jrolltoo late17:38
openstackgerritJim Rollenhagen proposed openstack/ironic: Append 'Openstack-Request-Id' header to the response  https://review.openstack.org/23800817:38
lucasagomesjroll, heh cheers, +217:39
devananda+2+A'd17:39
jrollthanks17:39
klindgrenHello - wondering if their is a feature in IPA or ironic that lets you set the device naming for nics?  Since, we are trying to use configdrive, but the issue is that depending on the OS and the server the device to use for networking is totally different17:40
klindgren(aka I got 99 problems and systemd is one)17:40
jrollklindgren: udev rules in your images can help17:40
klindgrenbut this would also apply to some servers that have onboard nics being used and other servers that have 10gig addin cards that is being used17:41
*** krtaylor has joined #openstack-ironic17:41
*** daemontool has joined #openstack-ironic17:42
*** Nisha_away has quit IRC17:43
gmmahaklindgren: what OS are you using on those machines?17:43
*** krotscheck has quit IRC17:43
jrollklindgren: yeah, I'm not sure then, someone else may know :)17:44
klindgrenCombo between cent6 and cent717:44
klindgrenso systemd and non-systemd :-/17:44
gmmahaaaah.. have never used cent* :(17:44
jlvillalklindgren: Are they coming up as eth0, eth1?  Or as like p7p213?17:44
*** pcaruana has joined #openstack-ironic17:44
jlvillalbiosdevname is a helpful thing17:44
jrollstepping away for lunch17:45
*** derekh has quit IRC17:45
gmmahaklindgren: i havent seen a feature in ironic that will do wth setting the NIC naming.. the best i found without systemd was biosdevname and with systemd (systemd itself)17:46
lucasagomesklindgren, hmm odd, do you have net.ifnames=0 in ur kernel cmdline?17:47
lucasagomesif so that would disable the consistent naming17:47
klindgrenit depends on the os - the bigger issues is that configdrive from nova always has eth0 as configured.  But the device to use might be eth0, it might be eth3 (add in 10gig card).  Or in the case of systemd and biosdevname it might be em1 or em2 or p1p2 or p2p117:47
*** praneshp_ has joined #openstack-ironic17:47
lucasagomesklindgren, yeah :-/ it's a pain indeed17:48
*** mdorman has joined #openstack-ironic17:48
klindgrenI was hoping that I could set something that indicated which nic/name should be used and the IPA could do some smarts depending on whats being done17:49
lucasagomesklindgren, may worth asking #tripleo how they do it, I think they use a combination of inspection + os-net-config17:49
jrollklindgren: check out the json network metadata, it doesn't depend on the interface name http://specs.openstack.org/openstack/nova-specs/specs/liberty/implemented/metadata-service-network-info.html17:49
lucasagomesklindgren, IPA won't tweak the tenants imae17:50
lucasagomesimage17:50
* TheJulia seconds the network metadata17:50
klindgrenI am not asking for it to tweek the image I am asking if it could tweek the config drive data that it creates17:50
TheJuliayou would have to, realistically do that in nova, or in the request to create the configdrive17:50
lucasagomesyeah it won't be do that either because it will make the configdrive out of sync with the metadata server etc17:51
lucasagomesTheJulia, yeah17:51
klindgrenbut how would nova know how to set it when ironic is the thing that knows about the hardware?17:51
TheJuliaklindgren: realistically, something in the OS needs to process the network metadata from nova17:52
jrollseriously, use the json metadata, cloud-init will match the macs to interfaces17:52
klindgrenwhich we have cloud-init doing - but it doesn't really transform the template at all17:53
klindgrenon kilo - so :-/17:53
jrollwelp17:53
* jroll really goes to lunch now17:53
TheJuliaThe dib simple-init element/glean will read the json and do the right thing, but you'll naturally need the metadata17:53
mdormanso cloud-init already supports the json network metadata?17:54
*** trown|lunch is now known as trown17:54
TheJuliamdorman: I think they are still working on support for it17:54
mdormankk17:54
lucasagomesklindgren, right, check with #tripleo how they do that. I remember that long time ago we wanted to do something like https://review.openstack.org/#/c/145302/17:54
TheJulialast I heard, it was not implemented, but I've not kept on top if it17:54
mdormansure, ok.  fair enough17:54
lucasagomesthat could pass extra information from ironic to the config drive when generating it17:54
openstackgerritMerged openstack/ironic: Document partition image support with agent_ilo  https://review.openstack.org/29571017:56
lucasagomesfolks I'm going to call it a day17:57
lucasagomeshave a great evening all!17:57
TheJuliagoodnight lucasagomes17:57
devanandag'night, lucasagomes o/17:57
lucasagomessee you tmrw17:57
*** lucasagomes is now known as lucas-dinner17:57
*** dprince has joined #openstack-ironic17:57
*** d0ugal has quit IRC17:58
*** d0ugal has joined #openstack-ironic17:59
sambettsglean definatly supports the network metadata, and I have patches in flight to support vlan and bonding with glean too, see https://review.openstack.org/#/c/289412/1/nova/virt/ironic/driver.py for a example on how to generate custom network metadata from Ironic, that patch is for supporting ports and portgroups in the neutron intergration but it certainly a start :)17:59
*** baoli has quit IRC17:59
sambettsmdorman: ^17:59
NobodyCamnight lucas-dinner17:59
sambettso/ lucas-dinner18:00
TheJulia:)18:00
*** baoli has joined #openstack-ironic18:00
mdormanthanks sambetts18:00
sambettsmdorman: glean patches are here -> https://review.openstack.org/#/c/293648/ https://review.openstack.org/#/c/283726/18:01
mdormankk18:03
* sambetts is heading off 18:03
jlvillalsambetts: Ciao!18:03
* jlvillal heads to lunch18:03
sambettso/ jlvillal, night all18:03
*** sambetts is now known as sambetts|afk18:04
JayFjroll: need a hand with that kilo gate you were mentioning earlier? If not going to grab my upstream patchsets and go18:04
*** cdearborn has quit IRC18:07
NobodyCamnight sambetts|afk18:07
*** d0ugal has quit IRC18:09
*** aginwala has joined #openstack-ironic18:11
*** mkovacik__ has quit IRC18:12
*** phuongnh has joined #openstack-ironic18:13
jrollJayF: nah, I'm waiting to finish out mitaka before starting on that18:14
*** aginwala has quit IRC18:15
JayFah18:15
JayFneed me to review anything to help with that?18:15
*** ChubYann has joined #openstack-ironic18:16
jrollJayF: anything here is up for grabs https://etherpad.openstack.org/p/ironic-mitaka-finish18:16
openstackgerritAndre Aranha proposed openstack/python-oneviewclient: Extend python-oneviewclient to Uplink Set  https://review.openstack.org/29598118:17
* jroll still afk >.>18:18
*** aginwala has joined #openstack-ironic18:18
* NobodyCam wounders who is posting for jroll as he is afk18:18
NobodyCam:p18:18
jrollshhh.'18:18
jrolljust checking on things between lunch and walking the dog :P18:19
JayFNobodyCam: he doesn't talk about it publically anymore, but he got a chip to make the IRC go directly to his brain18:19
NobodyCamlol...18:19
JayF:P18:19
*** mbound has joined #openstack-ironic18:20
NobodyCam:)18:20
*** boris-42 has joined #openstack-ironic18:21
*** daemontool has quit IRC18:25
*** Marga_ has quit IRC18:36
*** jtomasek has quit IRC18:37
openstackgerritMerged openstack/bifrost: Update mitaka release notes source  https://review.openstack.org/29504118:39
jrollhah18:41
*** aginwala has quit IRC18:43
* TheJulia thinks its time for moar coffee18:45
*** mbound has quit IRC18:46
*** athomas has quit IRC18:46
*** chopmann has joined #openstack-ironic18:50
* mgould -> home; good night, everyone!18:54
openstackgerritgreghaynes proposed openstack/bifrost: Set both forms of pxe_append_params  https://review.openstack.org/29600718:54
*** mgould has quit IRC18:54
*** aginwala has joined #openstack-ironic18:55
*** aginwala has quit IRC18:57
*** aginwala has joined #openstack-ironic18:58
*** Sukhdev has joined #openstack-ironic18:59
*** alexpilotti has joined #openstack-ironic19:01
*** Marga_ has joined #openstack-ironic19:02
*** mtanino has quit IRC19:04
*** alexpilotti has quit IRC19:06
*** achanda has quit IRC19:07
*** aswadr_ has quit IRC19:10
*** electrofelix has quit IRC19:12
*** achanda has joined #openstack-ironic19:16
*** ametts has quit IRC19:17
openstackgerritMerged openstack/ironic-python-agent: iscsi: wipe part table before starting the target  https://review.openstack.org/28434719:21
*** alexpilotti has joined #openstack-ironic19:27
openstackgerritMerged openstack/ironic: Add disk_label and node_uuid for agent drivers  https://review.openstack.org/29575119:27
openstackgerritMerged openstack/ironic: Fix sphinx docs build  https://review.openstack.org/29586819:28
*** alexpilotti has quit IRC19:31
*** suro-patz has quit IRC19:32
openstackgerritVladyslav Drok proposed openstack/ironic: Add portgroups to support LAG interfaces - API  https://review.openstack.org/20624419:33
openstackgerritVladyslav Drok proposed openstack/ironic: Update the deploy drivers with network flipping logic  https://review.openstack.org/21326219:33
openstackgerritVladyslav Drok proposed openstack/ironic: WIP: add network drivers  https://review.openstack.org/28585219:33
*** alexpilotti has joined #openstack-ironic19:33
*** alexpilotti has quit IRC19:33
*** alexpilotti has joined #openstack-ironic19:33
*** harlowja_at_home has quit IRC19:37
*** cdearborn has joined #openstack-ironic19:38
*** Goneri has quit IRC19:47
*** piet has joined #openstack-ironic19:56
*** piet has quit IRC19:56
*** david-lyle_ has joined #openstack-ironic19:56
openstackgerritMerged openstack/ironic: Append 'Openstack-Request-Id' header to the response  https://review.openstack.org/23800819:57
*** praneshp__ has joined #openstack-ironic19:57
*** chopmann has quit IRC19:57
*** david-lyle has quit IRC19:57
*** praneshp_ has quit IRC19:58
*** clenimar has quit IRC19:58
*** ekarlso- has quit IRC19:58
*** jlvillal has quit IRC19:58
*** lynxman has quit IRC19:58
*** lynxman has joined #openstack-ironic19:59
*** lynxman has joined #openstack-ironic19:59
*** suro-patz has joined #openstack-ironic20:00
*** alexpilotti has quit IRC20:01
*** david-lyle_ is now known as david-lyle20:02
jrolldoes anybody have anything they want to block an ironic release on?20:02
jrollNobodyCam: devananda TheJulia ^20:02
*** dprince has quit IRC20:02
*** baoli has quit IRC20:02
NobodyCamhumm20:03
* NobodyCam takes a quick look 20:03
openstackgerritAndre Aranha proposed openstack/python-oneviewclient: Extend python-oneviewclient to Uplink Set  https://review.openstack.org/29598120:03
*** jlvillal has joined #openstack-ironic20:03
devanandajroll: wdyt of https://review.openstack.org/291829 ?20:05
*** Sukhdev has quit IRC20:05
devanandait adds a new option to the API -- so it wont be suitable to backports20:05
JayFlooking20:05
JayFoooh20:05
devanandaand it helps with the deprecation process for the bash ramdisk20:05
NobodyCamI'd be okay with it20:05
NobodyCameven thou I only have a +1 on it now20:06
jrolldevananda: oh yeah, for some reason I thought that was in20:06
devanandaI thought so too. just noticed it wasn't20:06
* devananda reapplies +220:06
NobodyCam:)20:07
jrolldevananda: don't want to approve?20:07
devanandajroll: if you're good with it now, I will20:07
jrolldevananda: I haven't reviewed it but I'm fine with the concept20:08
devanandajroll: it's an easy read. I'm fine waiting if you want to review it20:08
devanandajroll: or I can hit the button :)20:08
jrolldevananda: go ahead, between two meetings right now :)20:09
jrollotherwise I can hit it in an hour20:09
devanandadone20:09
jrollthanks20:09
jrollonce that comes down I'll release, unless someone has objections20:09
devanandaworks for me20:09
JayFjroll: if you're only between two meetings, you're currently missing one :P20:09
TheJuliafrom my pov, I haven't seen anything20:09
jrollJayF: uh oh, which am I missing20:10
JayFjroll: open book20:10
jrollI'm there, plus TC meeting20:10
*** clenimar has joined #openstack-ironic20:10
JayFlol20:10
jrollidk what the third is20:10
JayFmultimeetingtasking20:10
jrollone is ears one is eyes20:11
jroll:P20:11
*** ekarlso- has joined #openstack-ironic20:11
* NobodyCam sees that and thinks : https://www.youtube.com/watch?v=97ECZMvbLxg20:13
*** aginwala has quit IRC20:13
*** alexpilotti has joined #openstack-ironic20:14
*** aginwala has joined #openstack-ironic20:18
*** alexpilotti has quit IRC20:18
*** achanda has quit IRC20:34
*** moshele has quit IRC20:37
*** ChrisAusten has joined #openstack-ironic20:37
*** moshele has joined #openstack-ironic20:38
*** aginwala has quit IRC20:38
*** aginwala has joined #openstack-ironic20:41
jlvillaljroll: I think https://etherpad.openstack.org/p/ironic-mitaka-finish is looking pretty good.20:41
jrolljlvillal: yep, waiting on https://review.openstack.org/#/c/291829/20:42
jlvillalThere is the one IPA patch, which I gave a +1.20:42
JayFjlvillal: link?20:43
JayFjlvillal: I thought all the ipa stuff was landed20:43
jlvillalJayF: https://review.openstack.org/#/c/295766/20:44
jlvillalIt would need to be back-ported20:44
jlvillaljroll: I don't see https://review.openstack.org/#/c/291829/ in https://etherpad.openstack.org/p/ironic-mitaka-finish20:44
jrolljlvillal: see conversation above, we decided to pull it in20:45
JayF+2'd that ipa patch, although wouldn't hurt my feelings to get another review on that20:45
JayFsince I'm not pro at partition images20:45
jlvillalAh, okay. thanks. /me reads back-scroll20:45
*** suro-patz has quit IRC20:51
*** jaypipes has quit IRC20:52
*** e0ne has quit IRC20:53
openstackgerritJarrod Johnson proposed openstack/pyghmi: Provide attach remote media function  https://review.openstack.org/29604720:53
*** spandhe has quit IRC20:54
openstackgerritMerged openstack/ironic: Agent: Out-of-band power off on deploy  https://review.openstack.org/29182920:56
jrollwoo20:57
*** moshele has quit IRC20:57
jrollalrighty, I'm releasing the hounds20:57
devanandajroll: \o/20:57
*** alexpilotti has joined #openstack-ironic20:58
*** raildo is now known as raildo-afk20:58
jrollhttps://review.openstack.org/29604920:59
jrollthanks for the hard work this cycle, everyone.20:59
*** Sukhdev has joined #openstack-ironic20:59
jlvillaljroll: devananda: On https://review.openstack.org/#/c/291829/10/ironic/drivers/modules/agent_base_vendor.py   Assuming it is okay that it is always doing OOB there. Or am I missing something?20:59
*** alexpilotti has quit IRC21:00
jrolljlvillal: where now?21:00
*** alexpilotti has joined #openstack-ironic21:00
jlvillalIsn't line 703 executed for all conditions?21:00
jlvillalIs line 703 the out of band?21:00
jlvillalI might just be confused.21:01
jroll703 checks if it should be oob21:01
jroll705 tells the agent to in-band reboot21:01
devanandajlvillal: default path is: if not false: allow inband reboot21:01
jlvillalSorry 729 on the right21:01
jrollif that fails, it falls through to 729 for oob21:01
jroller, 705 tells the agent to in-band *shutdown*21:01
devanandaooh21:01
jrolland 729 starts it back up21:02
jroll(if it succeeds)21:02
devanandayea, it's fine.21:02
devanandaL706 will wait for the agent to finish powering down (or timeout) before it hits L729 and forces the reboot21:02
jrollit's basically, if not do_oob: try do_inband_shutdown() except: log; oob_reboot()21:02
devanandaand L729 will just power it up if the graceful shutdown was successful21:03
jlvillalBut it always does do OOB reboot. Correct?21:03
devanandajlvillal: not exactly, no21:03
jlvillalFrom L729 on right21:03
devanandajlvillal: it always calls that, yes. but that doesn't always do the reboot21:03
jrollit always *calls* oob_reboot(), which will just power it on if it is already off21:03
devananda^ right21:03
jlvillalOh, okay. Thanks!21:03
jroll705-6 shuts it off, assuming the agent is able to do so21:03
jroll(which didn't change from before that patch)21:04
jlvillalThanks for explaining it :)21:04
devanandaI think the confusing bit is that manager_utils.node_power_action(task, states.REBOOT) also gracefully handles the state where the node is powered off already21:04
jrollright21:04
jlvillalThat is what confused me.21:04
devanandajlvillal: glad we could help clear it up :)21:04
jlvillal:)21:04
*** alexpilotti has quit IRC21:05
*** alexpilotti has joined #openstack-ironic21:08
*** jcoufal has quit IRC21:10
*** trown is now known as trown|outtypewww21:10
*** dims has joined #openstack-ironic21:11
*** alexpilotti has quit IRC21:13
jrollstepping away for a while21:13
*** Sukhdev has quit IRC21:19
*** suro-patz has joined #openstack-ironic21:27
*** keedya has quit IRC21:28
*** spandhe has joined #openstack-ironic21:29
openstackgerritVladyslav Drok proposed openstack/ironic: Add test to verify ironic multitenancy  https://review.openstack.org/26915721:34
openstackgerritVladyslav Drok proposed openstack/ironic: Allow to build user image with DIB  https://review.openstack.org/25636321:34
openstackgerritVladyslav Drok proposed openstack/ironic: Add Link-Local-Connection info to ironic port  https://review.openstack.org/25636521:34
openstackgerritVladyslav Drok proposed openstack/ironic: Added operator documentation for ironic portgroups  https://review.openstack.org/22849621:34
openstackgerritVladyslav Drok proposed openstack/ironic: Add portgroups to support LAG interfaces - API  https://review.openstack.org/20624421:34
openstackgerritVladyslav Drok proposed openstack/ironic: refactor ironic enroll-node code  https://review.openstack.org/25636421:34
openstackgerritVladyslav Drok proposed openstack/ironic: Add configure_provision_network function  https://review.openstack.org/25636721:34
openstackgerritVladyslav Drok proposed openstack/ironic: Update Ironic VM network connection  https://review.openstack.org/25636621:34
openstackgerritVladyslav Drok proposed openstack/ironic: Update the deploy drivers with network flipping logic  https://review.openstack.org/21326221:34
openstackgerritVladyslav Drok proposed openstack/ironic: WIP: add network drivers  https://review.openstack.org/28585221:34
openstackgerritVladyslav Drok proposed openstack/ironic: Add Ironic/Neutron integration documentation  https://review.openstack.org/25859621:34
openstackgerritVladyslav Drok proposed openstack/ironic: Allow to use NETWORK_DRIVERS in devstack  https://review.openstack.org/29352021:34
*** achanda has joined #openstack-ironic21:34
*** alexpilotti has joined #openstack-ironic21:36
*** alexpilotti has quit IRC21:37
*** alexpilo_ has joined #openstack-ironic21:37
*** achanda has quit IRC21:40
*** daemontool has joined #openstack-ironic21:41
*** alexpilo_ has quit IRC21:41
*** aginwala has quit IRC21:42
*** moshele has joined #openstack-ironic21:43
*** openstackgerrit has quit IRC21:48
*** openstackgerrit has joined #openstack-ironic21:49
*** e0ne has joined #openstack-ironic21:50
*** Sukhdev has joined #openstack-ironic21:54
*** aginwala has joined #openstack-ironic22:00
*** baoli has joined #openstack-ironic22:07
*** harlowja_at_home has joined #openstack-ironic22:08
*** mjturek1 has quit IRC22:10
*** baoli has quit IRC22:11
JayFHow receptive would folks be to a "force state" API, or something similar?22:19
JayFWhere regardless of what Ironic thinks, an operator could "force" a machine into a given state -- I'm thinking like, forcing a deploying -> deploy failed or cleaning -> clean failed as the primary uses22:20
JayFsorta along the lines of the stack of operator features which are a "bad idea" in a perfect world, but as an operator I find I want because the real world is far from perfect :)22:20
*** e0ne has quit IRC22:21
*** achanda has joined #openstack-ironic22:21
*** alexpilotti has joined #openstack-ironic22:22
*** moshele has quit IRC22:22
*** alexpilotti has quit IRC22:23
*** alexpilo_ has joined #openstack-ironic22:23
NobodyCamJayF: sounds kinda like what the Active Node Creation spec started out as22:24
*** alexpilo_ has quit IRC22:24
*** alexpilotti has joined #openstack-ironic22:25
JayFI think there's a hugely different use case22:25
JayFin my use case, I'm thinking some kind of "outage" situation happened22:25
NobodyCamoh not saying that...22:25
JayFlike a conductor being unable to reach agents22:25
NobodyCamjust kinda reminded me of how that got started22:26
JayFtoday, that can leave nodes in weird states, including being stuck forever in "deploying" state unless you touch the db22:26
JayFsame thing can happen in cases of agent failure22:26
JayFand I'm getting tired of having to write SQL to cleanup my testing environments, it's an antipattern to have to touch the db ever :(22:26
NobodyCamso whould this be force ANY state or more like force into *ERROR state22:27
devanandaJayF: I agree with ^, however I have yet to see a proposal for a way to handle that which doesn't a) risk blowing up in some valid cases, or b) expose the same antipattern in an API22:27
JayFI mean, bluntly, I don't think that's a reasonable thing to ask: we ship software so broken it requires a crowbar to fix, but yet make operators bring their own22:28
JayFI appreciate the perspective of "lets make this work the Right Way(tm) in all cases so we don't need tools like this", but I don't think it's reasonable of us to continue to withhold that kind of tooling in our API22:29
JayFeven Nova has reset-state :)22:29
devanandaJayF: is reset-state a nova-manage command? iow, does it use the REST API, or a CLI that munges the DB for you?22:30
JayFthat's all I'm looking for realistically, a reset-state for ironic to throw a node into error no matter what, so the operator (who might know more than Ironic about environmental failures) can tell Ironic to give us22:30
JayF*give up22:30
JayFlet me see, I honestly odn't know22:30
devanandaI'm all for an operator tool that makes this easier22:30
devanandabut I don't want to encode it in the REST API22:30
JayFhttp://docs.openstack.org/admin-guide-cloud/support-compute.html /me glad to see it's not downstream22:30
JayFOh, I'm pretty sure this hits an api endpoint22:31
JayFI run it from my desktop and it hits nova-api to do it22:31
devanandahuh22:31
alaskiit's an "admin" API command22:31
*** Sukhdev has quit IRC22:31
JayFhttps://github.com/openstack/nova/blob/1635086529c43edcb69966c48c41b5fca2d1b26c/nova/api/openstack/compute/admin_actions.py#L7122:31
alaskiif it were proposed today I'm not sure it would be accepted22:31
devanandaJayF: yah, you're correct22:32
JayFI'm very glad it does exist, because it's required to run a cloud22:32
devanandaalaski: hehe22:32
alaskiJayF: sure, but not in the REST API22:32
JayFHow else would it be implemented then?22:32
alaskinova-manage, or really I would like a separate admin endpoint22:32
*** baoli has joined #openstack-ironic22:32
JayFIn a nutshell, what is nova-manage?22:33
devanandaJayF: I believe what alaski is saying matches what i'm saying22:33
TheJuliaNobodyCam: yeah, this is along the same exact lines of discussion ANC came up from, although it was focused on creating a node into existance that ultimately is externally deployed22:33
*** Sukhdev has joined #openstack-ironic22:33
alaskiJayF: CLI interface for admins. mostly direct db interaction type of stuff22:33
devanandaJayF: nova-manage is a CLI for wrapping db or other *nix style commands22:33
JayFLOL https://wiki.openstack.org/wiki/NovaManage "The nova-manage isn't properly documented, but it's going away in Folsom, so using this wiki page for quick docs on it.22:33
*** baoli_ has joined #openstack-ironic22:33
devanandathings that cloud operators definitely need, but which shouldn't be exposed in a public REST API endpoint22:33
TheJulianice22:33
alaskihah. that's not going to happen22:33
NobodyCamTheJulia: ya I was just saying it reminded me of how ANC came about22:33
JayFI would not be keen on it being some cli command that reaches out and touches my DB either22:33
JayFseparate admin api endpoint doesn't make sense for Ironic -- as we say all the time we're already an admin-only api22:34
devanandaJayF: "nova-manage db sync"22:34
alaskionline db data migrations are handled via nova-manage now22:34
NobodyCamthou I can see value in something like force-into-error-state22:35
devanandait is exactly that - a CLI that touches your DB22:35
TheJuliaNobodyCam: or force out of error state22:35
JayFSee, I don't understand why a reset-state API endpoint is bad but that isn't22:35
JayFTheJulia: like nova reset-state --active22:35
TheJuliaexactly22:35
JayFMight I suggest this would make a /damn good/ design summit chat at the summit?22:36
devanandaJayF: completely agreed :)22:36
JayFit's an elephant-in-the-room kind of problem22:36
devanandayup22:36
JayFthat ironic's operation requires hitting the db sometimes22:36
JayFand we all just accept it22:36
devanandaI don't think anyone is going to argue that it's not a problem22:36
NobodyCam:(22:36
JayFand I'm tired of having to review SQL for my peers to cleanup Ironic's messes22:36
devanandaJayF: fair enough. let's find a solution22:36
devanandaJayF: you want to lead the session? :)22:37
JayFAbso-effen-lutely22:37
JayFwell, actually22:37
JayFif the leader is supposed to be more of a ... moderator22:37
JayFprobably shouldn't be me :)22:37
NobodyCamno take backs22:37
devanandaJayF: haha :P22:37
*** baoli has quit IRC22:37
*** Sukhdev has quit IRC22:37
JayFif it's OK for the person running the session to ahve an agenda, I'm very on board22:37
devanandaJayF: well, you should talk to jroll either way. and stick that on the topic pad22:37
JayFI bet jroll is as sick of this crap as I am :P and I'm looking for the topic pad right now22:37
NobodyCamJayF: as summit is just around the coner maybe a hacking session on fixing ???22:38
alaskiJayF: I'm not arguing against a way to do what you want. Just offering my perspective which is that embedding reset-state in the API makes it a permanent fixture, and adds an expectation that it should be used. Having it as a low level tool to accomplish it sets the right expectations about how often it should be used22:38
devanandasessions usually need an empassioned presenter, a moderator, and a note-taker. sometimes more than one of each :)22:38
JayFNobodyCam: +.5, like here's the deal: we'll always be chasing the next bug22:38
JayFNobodyCam: we have to give operators the tool to unwind all the bugs we haven't written yet22:38
devanandaalaski: ++22:38
JayFalaski: I will agree that I think reset-state can be ... overused22:38
devanandaNobodyCam: -- on a hacking session to fix it because we haven't even agreed on HOW to fix it22:39
JayFalaski: but given our API has node-delete, with no warning, that's arguably much more destructive, I find it hard to get upset about :)22:39
TheJuliaalaski: agreed, although it is also unreasonable to expect all admins to have direct database access to do their jobs, it can become a separation of duties issue in some orgs very quickly22:39
devanandaJayF: til; we need policy support in our API22:39
devanandaNobodyCam: now if you wanted to hack out policy support, I'd be on board with that22:40
devanandaalso, apparently, it won't be hard for us to add22:40
devanandaI just haven't had th etime22:40
TheJuliathe framework is there22:40
alaskiJayF: fair, but having one mess doesn't mean others should be added :)22:40
JayFdevananda: ++ with policy support too, heh22:40
TheJuliajust takes time to define and punch into place22:40
devanandaTheJulia: right22:40
JayFalaski: I'm more making the point there's a big puddle on the floor and everyone is arguing over the color of the mop :P22:40
JayFI would LOVE to hack on policy support on Friday morning at the summit22:41
alaskiTheJulia: that's fair. I am also amenable to a separate admin endpoint, though I understand that's an odd distinction in the ironic case22:41
JayFis it a code-date?22:41
JayF:)22:41
TheJuliaJayF: shopvac22:41
* NobodyCam likes the blue mop22:41
TheJulialol22:41
JayFTheJulia: ironic shopvac $UUID # magically cleans up whatever mess has been made of the node22:41
NobodyCamlol22:41
NobodyCam+++22:41
JayFTheJulia: Backend: just files a ticket to have ops touch the db22:41
TheJulialol22:41
JayFlol22:41
NobodyCambut we should call it a wetDryVac22:42
TheJuliaJayF: 3 months later, ops replies, can't find instance22:42
* NobodyCam *ducks*22:42
TheJuliaNobodyCam: I think we need to go yarn shopping in Austin.... Just saying..22:43
*** achanda has quit IRC22:43
NobodyCam:)22:43
*** ayoung has quit IRC22:43
JayFhttps://etherpad.openstack.org/p/mitaka-ironic-design-summit-ideas topic added as #922:44
*** rbudden has quit IRC22:44
*** Sukhdev has joined #openstack-ironic22:44
*** absubram has quit IRC22:47
*** aginwala has quit IRC22:48
* jlvillal thought JayF added section on Yarn shopping :)22:53
NobodyCamlol22:53
TheJuliano, the yarn is to toss at NobodyCam :)22:53
jlvillal:)22:53
NobodyCamlol22:53
jlvillalJayF: On your topic. Seems like a superset of what TheJulia was/is doing with regards of being able to move manageable states to provisioned.22:56
jlvillalIf I'm remembering things correctly.22:56
TheJuliajlvillal: What JayF is bringing up, is exactly how it got started, just the primary case we brought forth was creating nodes in inventory that are "active"22:57
jlvillalTheJulia: Thanks. Agreed it would be nice to just move things with some super command. Instead of mysql commands :)22:58
JayFMy angle is completely centered around this user story: "As an operator of Ironic, I should never need to run manual SQL queries"22:58
TheJuliaJayF: ++22:59
JayFand today we have at least 2 states I'm aware of where that can happen22:59
JayFand I suspect it's a similar pattern for some of our async things22:59
*** baoli_ has quit IRC23:00
*** baoli has joined #openstack-ironic23:01
*** aginwala has joined #openstack-ironic23:01
*** jaybeale has quit IRC23:02
JayFhttps://review.openstack.org/#/c/293781/1 has 6x +1s if someone wants to give it a core review; one line change23:05
cineramai was really excited about the yarn shopping :( :)23:08
NobodyCamlol23:09
*** cdearborn has quit IRC23:11
*** dims_ has joined #openstack-ironic23:12
*** rbudden has joined #openstack-ironic23:13
*** mdorman has quit IRC23:13
*** causten_ has joined #openstack-ironic23:14
*** dims has quit IRC23:15
*** dims has joined #openstack-ironic23:15
TheJuliawell, 7 +1s now23:15
*** baoli has quit IRC23:16
jrollJayF: devananda: I'm always happy to moderate a session that is led by someone with strong opinions :)23:16
*** ChrisAusten has quit IRC23:17
jroll+2 for 29378123:17
NobodyCamand now 1 +2 :)23:17
*** izaakk has quit IRC23:17
jrollpfft23:17
* jroll +A23:17
NobodyCamlol23:17
jroll:)23:18
*** dims_ has quit IRC23:18
*** causten_ has quit IRC23:19
TheJuliagoodnight folks23:19
jroll\o23:19
*** dims_ has joined #openstack-ironic23:19
*** achanda has joined #openstack-ironic23:22
*** dims has quit IRC23:22
*** dims has joined #openstack-ironic23:23
NobodyCamhave a good night TheJulia23:23
*** jaybeale has joined #openstack-ironic23:24
*** dims_ has quit IRC23:25
gmmahaHi, could someone shed some light on possible pitfalls using bifrost along with ILO?23:28
*** manjeets has joined #openstack-ironic23:29
devanandagmmaha: are you already familiar with using bifrost and ipmi?23:29
gmmahai am trying to use bifrost to privision some machines that are managed by ILO and the machine starts download the coreos image and jsut hangs.. nothing beyond that23:29
gmmahadevananda: yup.. ipmi is the one that is used as the driver agent23:29
gmmahaand the target machine reboots fine, but hangs with the kernel download23:30
devanandagmmaha: I'm having trouble parsing "is used as the driver agent"23:30
gmmahaand nothing beyond tath23:30
*** rbudden has quit IRC23:30
gmmahadevananda: sorry what i meant is, i am using ipmi as the method to talk to the bare metal.. in the json file that is used to enroll machines in bifrost23:30
devanandagmmaha: what driver is ironic using to manage the machines? "agent_ipmitool" ?23:30
* gmmaha goes to find the exact string23:30
gmmahadevananda: yes..23:31
devanandaok. then this should have nothing to do with iLO23:31
devanandagmmaha: you might want to change the serial console redirection that the ramdisk is performing, to help with troubleshooting23:31
gmmahadevananda: ok. will try that out.. thanks23:32
devanandagmmaha: for instance, I have this option in my bifrost configs: extra_kernel_options: "nofb nomodeset vga=normal console=ttyS2,115200n8"23:33
devanandathe exact option will vary between hardware vendors23:33
*** praneshp__ has quit IRC23:34
gmmahadevananda: aaah Ok.. let me set it such and see what happens23:34
gmmahathanks23:34
*** Sukhdev has quit IRC23:36
*** smoriya_ has joined #openstack-ironic23:48
*** suro-patz has quit IRC23:54
*** baoli has joined #openstack-ironic23:54
« Monday, 2016-03-21 Index Wednesday, 2016-03-23 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!